chore: update versions (next-7) (#4474 )

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
fix: render READMEs with correct font and highlighting (#4494 )
2024-02-11 23:16:30 +01:00 · 2024-02-11 18:05:48 +01:00 · 2024-02-11 17:44:31 +01:00 · 2024-02-11 17:08:45 +01:00 · 2024-02-11 16:58:41 +01:00 · 2024-02-11 16:30:26 +01:00
213 changed files with 11762 additions and 10326 deletions
--- a/.changeset/olive-bananas-wink.md
+++ b/.changeset/olive-bananas-wink.md
@@ -0,0 +1,7 @@
+---
+'@verdaccio/store': patch
+'@verdaccio/tarball': patch
+---
+
+- Fixes polynomial regular expression when determining the file name of tarball
+- Add tests for extracting tarball name
--- a/.changeset/pre.json
+++ b/.changeset/pre.json
@@ -1,6 +1,6 @@
 {
  "mode": "pre",
-  "tag": "next",
+  "tag": "next-7",
  "initialVersions": {
    "@verdaccio/test-cli-commons": "1.1.0",
    "@verdaccio/e2e-cli-npm6": "1.0.1",
@@ -64,9 +64,15 @@
    "eight-squids-judge",
    "long-jars-collect",
    "old-turkeys-heal",
+    "olive-bananas-wink",
    "perfect-chairs-act",
+    "real-socks-vanish",
    "shiny-worms-retire",
+    "shy-carrots-compare",
    "shy-garlics-cry",
-    "weak-fans-explain"
+    "strange-points-repair",
+    "weak-fans-explain",
+    "wild-otters-talk",
+    "young-donuts-own"
  ]
 }
--- a/.changeset/real-socks-vanish.md
+++ b/.changeset/real-socks-vanish.md
@@ -0,0 +1,5 @@
+---
+'verdaccio': patch
+---
+
+chore: test release
--- a/.changeset/shy-carrots-compare.md
+++ b/.changeset/shy-carrots-compare.md
@@ -0,0 +1,14 @@
+---
+'@verdaccio/server': minor
+'@verdaccio/test-helper': minor
+'@verdaccio/types': minor
+'@verdaccio/middleware': minor
+'@verdaccio/core': minor
+'@verdaccio/signature': minor
+'@verdaccio/url': minor
+'@verdaccio/config': minor
+'@verdaccio/auth': minor
+'@verdaccio/api': minor
+---
+
+refactor: auth with legacy sign support
--- a/.changeset/strange-points-repair.md
+++ b/.changeset/strange-points-repair.md
@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': patch
+'@verdaccio/ui-components': patch
+---
+
+fix: render READMEs with correct font and highlighting
--- a/.changeset/wild-otters-talk.md
+++ b/.changeset/wild-otters-talk.md
@@ -0,0 +1,5 @@
+---
+'@verdaccio/api': patch
+---
+
+fix: bug on change password npm profile
--- a/.changeset/young-donuts-own.md
+++ b/.changeset/young-donuts-own.md
@@ -0,0 +1,5 @@
+---
+'@verdaccio/config': patch
+---
+
+chore(config): increase test coverage
--- a/.github/workflows/changesets.yml
+++ b/.github/workflows/changesets.yml
@@ -25,16 +25,16 @@ jobs:
          fetch-depth: 0

      - name: setup node.js
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
        env:
          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}

-      - name: install pnpm
-        run: npm i pnpm@8.9.0 -g
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack install

      - name: setup pnpm config
        run: pnpm config set store-dir $PNPM_CACHE_FOLDER
--- a/.github/workflows/ci-windows.yml
+++ b/.github/workflows/ci-windows.yml
@@ -20,7 +20,7 @@ jobs:
    steps:
    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
    - name: Node
-      uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+      uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
      with:
        node-version-file: '.nvmrc'
    - name: Install pnpm
@@ -36,7 +36,7 @@ jobs:
    - name: Install
      run: pnpm install --registry http://localhost:4873
    - name: Cache .pnpm-store
-      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
      with:
        path: ~/.pnpm-store
        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -49,12 +49,12 @@ jobs:
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Node
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
        run: npm i pnpm@latest-8 -g
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -73,12 +73,12 @@ jobs:
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Use Node
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
        run: npm i pnpm@latest-8 -g
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -102,12 +102,12 @@ jobs:
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version: ${{ matrix.node_version }}
      - name: Install pnpm
        run: npm i pnpm@latest-8 -g
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -127,12 +127,12 @@ jobs:
    name: UI Test E2E
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
-      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
        run: npm i pnpm@latest-8 -g
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,7 +29,7 @@ jobs:
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Node
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
@@ -43,7 +43,7 @@ jobs:
      - name: Install
        run: pnpm install  --registry http://localhost:4873
      - name: Cache .pnpm-store
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -56,14 +56,14 @@ jobs:
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Node
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
        run: |
          corepack enable
          corepack install
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -81,14 +81,14 @@ jobs:
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Use Node
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
        run: |
          corepack enable
          corepack install
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -100,25 +100,25 @@ jobs:
      - name: Lint
        run: pnpm format:check
  test:
-    needs: [format, lint]
+    needs: [prepare]
    strategy:
      fail-fast: true
      matrix:
        os: [ubuntu-latest]
-        node_version: [18, 20]
+        node_version: [18, 20, 21]
    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Use Node ${{ matrix.node_version }}
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version: ${{ matrix.node_version }}
      - name: Install pnpm
        run: |
          corepack enable
-          corepack prepare --activate pnpm@8.9.0
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+          corepack prepare
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
@@ -138,14 +138,14 @@ jobs:
    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
-      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
        run: |
          corepack enable
          corepack install
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -34,7 +34,7 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2
+        uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v2

      # Override language selection by uncommenting this and choosing your languages
      # with:
@@ -42,7 +42,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2
+        uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v2

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
      #   make release

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2
+        uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v2
--- a/.github/workflows/docker-proxy-apache-e2e.yml
+++ b/.github/workflows/docker-proxy-apache-e2e.yml
@@ -12,7 +12,8 @@ jobs:
  docker:
    timeout-minutes: 10
    runs-on: ubuntu-latest
-
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
    steps:
    - name: Checkout
      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
@@ -21,15 +22,21 @@ jobs:
      run: docker-compose -f "./e2e/docker/apache-verdaccio/docker-compose.yaml" up -d --build

    - name: Install node
-      uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3
+      uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
      with:
-        node-version: 18
+        node-version-file: '.nvmrc'
+    - name: npm setup
+      run: |
+        npm config set fetch-retries="10"
+        npm config set fetch-retry-factor="50"
+        npm config set fetch-retry-mintimeout="20000"
+        npm config set fetch-retry-maxtimeout="80000"          
    - name: verdaccio cli
      run: npm install -g verdaccio --registry http://localhost
    - name: gastby cli 
      run:  npm install -g gatsby-cli --registry http://localhost
-    - name: netlify cli 
-      run:  npm install -g netlify-cli --registry http://localhost
+    # - name: netlify cli 
+    #   run:  npm install -g netlify-cli --registry http://localhost
    - name: angular cli 
      run:  npm install -g @angular/cli --registry http://localhost

--- a/.github/workflows/docker-proxy-nginx-e2e.yml
+++ b/.github/workflows/docker-proxy-nginx-e2e.yml
@@ -9,7 +9,8 @@ jobs:
  docker:
    timeout-minutes: 10
    runs-on: ubuntu-latest
-
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
    steps:
    - name: Checkout
      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
@@ -18,12 +19,12 @@ jobs:
      run: docker-compose -f "./e2e/docker/proxy-nginx/docker-compose.yaml" up -d --build

    - name: Install node
-      uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3
+      uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
      with:
-        node-version: 18
+        node-version-file: '.nvmrc'
    - name: npm setup
      run: |
-        npm config set fetch-retries="5"
+        npm config set fetch-retries="10"
        npm config set fetch-retry-factor="50"
        npm config set fetch-retry-mintimeout="20000"
        npm config set fetch-retry-maxtimeout="80000"      
@@ -31,8 +32,8 @@ jobs:
      run: npm install -g verdaccio --registry http://localhost
    - name: gastby cli 
      run:  npm install -g gatsby-cli --registry http://localhost
-    - name: netlify cli 
-      run:  npm install -g netlify-cli --registry http://localhost
+    #- name: netlify cli 
+    #  run:  npm install -g netlify-cli --registry http://localhost
    - name: angular cli 
      run:  npm install -g @angular/cli --registry http://localhost

--- a/.github/workflows/e2e-ci.yml
+++ b/.github/workflows/e2e-ci.yml
@@ -17,13 +17,13 @@ jobs:
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Use Node
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
        run: |
          corepack enable
-          corepack prepare --activate pnpm@8.9.0
+          corepack prepare 
      - name: set store
        run: |
          mkdir ~/.pnpm-store
@@ -31,7 +31,7 @@ jobs:
      - name: Install
        run: pnpm install --reporter=silence --ignore-scripts --registry http://localhost:4873
      - name: Cache .pnpm-store
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -43,14 +43,14 @@ jobs:
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Use Node 16
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
        run: |
          corepack enable
-          corepack prepare --activate pnpm@8.9.0
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+          corepack prepare 
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -62,7 +62,7 @@ jobs:
      - name: build
        run: pnpm build
      - name: Cache packages
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        id: cache-packages
        with:
          path: ./packages/
@@ -77,7 +77,7 @@ jobs:
      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
      #     restore-keys: |
      #       test-
-  e2e-cli:
+  e2e-cli-npm:
    needs: [prepare, build]
    strategy:
      fail-fast: false
@@ -88,28 +88,21 @@ jobs:
            npm7,
            npm8,
            npm9,
-            npm10,
-            pnpm6,
-            pnpm7,
-            pnpm8,
-            yarn1,
-            yarn2,
-            yarn3,
-            yarn4,
+            npm10
          ]
-        node: [16, 18, 19]
+        node: [20, 21]
    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
-      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version: ${{ matrix.node }}
      - name: Install pnpm
        run: |
          corepack enable
-          corepack prepare --activate pnpm@8.9.0
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+          corepack prepare 
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -118,7 +111,7 @@ jobs:
          pnpm config set store-dir ~/.pnpm-store
      - name: Install
        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ./packages/
          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
@@ -130,3 +123,94 @@ jobs:
        run: pnpm --filter @verdaccio/test-cli-commons build
      - name: Test CLI
        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+  # TODO: fix pnpm setup
+  # e2e-cli-pnpm:
+  #   needs: [prepare, build]
+  #   strategy:
+  #     fail-fast: true
+  #     matrix:
+  #       pkg:
+  #         [          
+  #           pnpm6,
+  #           pnpm7,
+  #           pnpm8          
+  #         ]
+  #       node: [20, 21]
+  #   name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+  #     - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+  #       with:
+  #         node-version: ${{ matrix.node }}
+  #     - name: Install pnpm
+  #       run: |
+  #         corepack enable
+  #         corepack prepare
+  #     - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+  #       with:
+  #         path: ~/.pnpm-store
+  #         key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+  #     - name: set store
+  #       run: |
+  #         pnpm config set store-dir ~/.pnpm-store
+  #     - name: Install
+  #       run: pnpm install --loglevel debug --ignore-scripts --registry http://localhost:4873
+  #     - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+  #       with:
+  #         path: ./packages/
+  #         key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+  #     # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+  #     #   with:
+  #     #     path: ./e2e/
+  #     #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+  #     - name: build e2e
+  #       run: pnpm --filter @verdaccio/test-cli-commons build
+  #     - name: Test CLI
+  #       run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+  e2e-cli-yarn:
+    needs: [prepare, build]
+    strategy:
+      fail-fast: false
+      matrix:
+        pkg:
+          [           
+            yarn1,
+            yarn2,
+            yarn3,
+            yarn4
+          ]
+        node: [20, 21]
+    name: ${{ matrix.pkg }}/ ubuntu-latest / ${{ matrix.node }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack prepare 
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: set store
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm install --offline --reporter=silence --ignore-scripts --registry http://localhost:4873
+      - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
+        with:
+          path: ./packages/
+          key: pkg-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      # - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
+      #   with:
+      #     path: ./e2e/
+      #     key: test-${{ hashFiles('pnpm-lock.yaml') }}-${{ github.run_id }}-${{ github.sha }}
+      - name: build e2e
+        run: pnpm --filter @verdaccio/test-cli-commons build
+      - name: Test CLI
+        run: NODE_ENV=production pnpm test --filter ...@verdaccio/e2e-cli-${{matrix.pkg}}
+      
--- a/.github/workflows/e2e-ui.yml
+++ b/.github/workflows/e2e-ui.yml
@@ -17,13 +17,13 @@ jobs:
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
      - name: Use Node
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'
      - name: Install pnpm
        run: |
          corepack enable
-          corepack install
+          corepack prepare
      - name: Install
        run: pnpm install --reporter=silence --registry http://localhost:4873
      - name: build
--- a/.github/workflows/static-data.yml
+++ b/.github/workflows/static-data.yml
@@ -23,7 +23,7 @@ jobs:
        with:
          persist-credentials: false
          fetch-depth: 0
-      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version: 18.x
      - name: install pnpm
--- a/.github/workflows/ui-components.yml
+++ b/.github/workflows/ui-components.yml
@@ -2,13 +2,6 @@ name: UI Components

 on: 
  workflow_dispatch:
-  pull_request:
-    paths:
-    - .github/workflows/ui-components.yml
-    - 'packages/ui-components/**'
-    - 'package.json'
-    - 'pnpm-workspace.yaml'
-    - 'pnpm-lock.yaml'

 permissions:
  contents: read  #  to fetch code (actions/checkout)
@@ -30,12 +23,12 @@ jobs:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3

      - name: Use Node
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
          node-version-file: '.nvmrc'

      - name: Cache pnpm modules
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        env:
          cache-name: cache-pnpm-modules
        with:
--- a/.github/workflows/website.yml
+++ b/.github/workflows/website.yml
@@ -3,6 +3,9 @@ name: Verdaccio Website CI
 on:
  workflow_dispatch:
  pull_request:
+    branches-ignore:
+      - 'renovate/*'
+      - 'dependabot/*'    
    paths:
        - 'website/**'
        - './.github/workflows/website.yml'
@@ -20,38 +23,46 @@ jobs:
      pull-requests: write  #  to comment on pull-requests

    runs-on: ubuntu-latest
+    name: setup verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:5
+        ports:
+          - 4873:4873
+        env:
+          NODE_ENV: production    
    env:
      NODE_OPTIONS: --max_old_space_size=4096
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3

-      - name: Use Node 16
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # tag=v3
+      - name: Node
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
        with:
-          node-version: 16
-
-      - name: Cache pnpm modules
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
-        env:
-          cache-name: cache-pnpm-modules
+          node-version-file: '.nvmrc'
+      - name: Install pnpm
+        run: |
+          corepack enable
+          corepack install
+      - name: set store
+        run: |
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store
+      - name: Install
+        run: pnpm install  --registry http://localhost:4873
+      - name: Cache .pnpm-store
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: ~/.pnpm-store
-          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
          restore-keys: |
-            ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
-
-      - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # tag=v2.4.0
-        with:
-          version: latest-8
-          run_install: |
-            - recursive: true
-              args: [--frozen-lockfile]
+            pnpm-          
      - name: Build 
        run: pnpm build
      - name: Build Translations percentage
        run: pnpm --filter @verdaccio/crowdin-translations build
      - name: Cache Docusaurus Build
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
        with:
          path: website/node_modules/.cache/webpack
          key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
@@ -100,7 +111,7 @@ jobs:
      - name: Audit preview URL with Lighthouse
        if: github.repository == 'verdaccio/verdaccio'
        id: lighthouse_audit
-        uses: treosh/lighthouse-ci-action@03becbfc543944dd6e7534f7ff768abb8a296826 # tag=10.1.0
+        uses: treosh/lighthouse-ci-action@1b0e7c33270fbba31a18a0fbb1de7cc5256b6d39 # tag=11.4.0
        with:
          urls: |
            ${{ steps.netlify_preview.outputs.preview-url }}
@@ -109,7 +120,7 @@ jobs:

      - name: Format lighthouse score
        id: format_lighthouse_score
-        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # tag=v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
@@ -134,7 +145,7 @@ jobs:
      - name: Add comment to PR
        if: github.repository == 'verdaccio/verdaccio'
        id: comment_to_pr
-        uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2
+        uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          number: ${{ github.event.issue.number }}
--- a/.npmrc
+++ b/.npmrc
@@ -1,3 +1,2 @@
 always-auth = true
-loglevel=info
 fetch-retries="10"
--- a/.prettierrc
+++ b/.prettierrc
@@ -0,0 +1,15 @@
+{
+  "endOfLine": "lf",
+  "useTabs": false,
+  "printWidth": 100,
+  "tabWidth": 2,
+  "singleQuote": true,
+  "bracketSpacing": true,
+  "trailingComma": "es5",
+  "semi": true,
+  "plugins": ["@trivago/prettier-plugin-sort-imports"],
+  "importOrder": ["^@verdaccio/(.*)$", "^[./]"],
+  "importOrderSeparation": true,
+  "importOrderParserPlugins": ["typescript", "classProperties", "jsx"],
+  "importOrderSortSpecifiers": true
+}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,13 +1,10 @@
 // Place your settings in this file to overwrite default and user settings.
 {
  "files.exclude": {
-    "**/.nyc_output": true,
    "**/build": false,
    "**/coverage": true,
    ".idea": true,
-    "storage_default_storage": true,
-    ".yarn": true
  },
-  "editor.formatOnSave": true,
-  "typescript.tsdk": "node_modules/typescript/lib"
+  "editor.defaultFormatter": "esbenp.prettier-vscode",
+  "editor.formatOnSave": true
 }
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -29,6 +29,8 @@ The Verdaccio project is split into several areas, the first three hosted in the

 ## Prepare local setup {#local-setup}

+**Note**: The size of the Verdaccio project is quite significant. Unzipped it is about 33 MB. However, a full build with all node_modules installed takes about **2.8 GB** of disk space (~190k files)!
+
 Verdaccio uses [pnpm](https://pnpm.io) as the package manager for development in this repository.

 If you are using pnpm for the first time the [pnpm configuration documentation](https://pnpm.io/configuring) may be useful to avoid any potential problems with the following steps.
@@ -46,16 +48,15 @@ We use [corepack](https://github.com/nodejs/corepack) to install and use a speci
 ```shell
 nvm install
 corepack enable
-corepack install
 ```

 `pnpm` version will be updated mainly by the maintainers but if you would like to set it to a specific version, you can do so by running the following command:

-```shell
-corepack use pnpm@8.9.1
-```
+> `packageManager` at the `package.json` defines the default version to be used.

-It will update the `package.json` file with the new version of pnpm in the `packageManager` field.
+```shell
+corepack prepare
+```

 With pnpm installed, the first step is installing all dependencies:

--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} node:18-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:21-alpine as builder

 ENV NODE_ENV=development \
    VERDACCIO_BUILD_REGISTRY=https://registry.npmjs.org
@@ -20,7 +20,7 @@ RUN npm -g i pnpm@8.9.0 && \
 # NODE_ENV=production pnpm install --frozen-lockfile --ignore-scripts
 # RUN pnpm install --prod --ignore-scripts

-FROM node:18-alpine
+FROM node:21-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"

 ENV VERDACCIO_APPDIR=/opt/verdaccio \
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2021 Verdaccio contributors
+Copyright (c) 2024 Verdaccio contributors

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@@ -33,7 +33,6 @@ Google Cloud Storage** or create your own plugin.
 [![MIT](https://img.shields.io/github/license/mashape/apistatus.svg)](https://github.com/verdaccio/verdaccio/blob/master/LICENSE)
 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/verdaccio/localized.svg)](https://crowdin.com/project/verdaccio)

-[![Twitter followers](https://img.shields.io/twitter/follow/verdaccio_npm.svg?style=social&label=Follow)](https://twitter.com/verdaccio_npm)
 [![Github](https://img.shields.io/github/stars/verdaccio/verdaccio.svg?style=social&label=Stars)](https://github.com/verdaccio/verdaccio/stargazers)
 [![StandWithUkraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)

--- a/docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/local-memory.js
+++ b/docker-examples/v6/plugins/docker-local-plugin/plugins/verdaccio-docker-memory/lib/local-memory.js
@@ -91,8 +91,8 @@ class LocalMemory {
      (_this$data = this.data) === null || _this$data === void 0
        ? void 0
        : (_this$data$list = _this$data.list) === null || _this$data$list === void 0
-        ? void 0
-        : _this$data$list.length
+          ? void 0
+          : _this$data$list.length
    );
    return Promise.resolve(
      (_this$data2 = this.data) === null || _this$data2 === void 0 ? void 0 : _this$data2.list
--- a/e2e/cli/cli-commons/package.json
+++ b/e2e/cli/cli-commons/package.json
@@ -5,16 +5,16 @@
  "main": "./build/index.js",
  "types": "./build/index.d.ts",
  "devDependencies": {
-    "@verdaccio/config": "workspace:7.0.0-next.4",
-    "@verdaccio/core": "workspace:7.0.0-next.4",
-    "@verdaccio/types": "workspace:12.0.0-next.1",
+    "@verdaccio/config": "workspace:7.0.0-next-7.8",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
+    "@verdaccio/types": "workspace:12.0.0-next.2",
    "debug": "4.3.4",
-    "fs-extra": "10.1.0",
+    "fs-extra": "11.2.0",
+    "get-port": "5.1.1",
    "got": "11.8.6",
    "js-yaml": "4.1.0",
-    "get-port": "5.1.1",
    "lodash": "4.17.21",
-    "verdaccio": "workspace:7.0.0-next.4"
+    "verdaccio": "workspace:7.0.0-next-7.8"
  },
  "scripts": {
    "test": "jest",
--- a/e2e/cli/e2e-npm10/package.json
+++ b/e2e/cli/e2e-npm10/package.json
@@ -4,7 +4,7 @@
  "version": "1.0.1",
  "dependencies": {
    "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "10.1.0"
+    "npm": "10.3.0"
  },
  "scripts": {
    "test": "jest"
--- a/e2e/cli/e2e-npm6/package.json
+++ b/e2e/cli/e2e-npm6/package.json
@@ -4,7 +4,7 @@
  "version": "1.0.1",
  "dependencies": {
    "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "9.7.1"
+    "npm": "9.9.2"
  },
  "scripts": {
    "test": "jest"
--- a/e2e/cli/e2e-npm7/package.json
+++ b/e2e/cli/e2e-npm7/package.json
@@ -4,7 +4,7 @@
  "version": "1.0.1",
  "dependencies": {
    "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "9.7.1"
+    "npm": "9.9.2"
  },
  "scripts": {
    "test": "jest"
--- a/e2e/cli/e2e-npm8/package.json
+++ b/e2e/cli/e2e-npm8/package.json
@@ -4,7 +4,7 @@
  "version": "1.0.1",
  "dependencies": {
    "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "9.7.1"
+    "npm": "9.9.2"
  },
  "scripts": {
    "test": "jest"
--- a/e2e/cli/e2e-npm9/package.json
+++ b/e2e/cli/e2e-npm9/package.json
@@ -4,7 +4,7 @@
  "version": "1.0.1",
  "dependencies": {
    "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "npm": "9.7.1"
+    "npm": "9.9.2"
  },
  "scripts": {
    "test": "jest"
--- a/e2e/cli/e2e-yarn1/package.json
+++ b/e2e/cli/e2e-yarn1/package.json
@@ -4,7 +4,7 @@
  "version": "1.0.1",
  "dependencies": {
    "@verdaccio/test-cli-commons": "workspace:1.1.0",
-    "yarn": "1.22.19"
+    "yarn": "1.22.21"
  },
  "scripts": {
    "test": "jest"
--- a/e2e/ui/cypress.config.ts
+++ b/e2e/ui/cypress.config.ts
@@ -9,6 +9,10 @@ import { generatePackageMetadata } from '@verdaccio/test-helper';

 let registry1;
 export default defineConfig({
+  retries: {
+    runMode: 5,
+    openMode: 0,
+  },
  e2e: {
    setupNodeEvents(on) {
      on('before:run', async () => {
--- a/e2e/ui/package.json
+++ b/e2e/ui/package.json
@@ -3,12 +3,12 @@
  "name": "@verdaccio/e2e-ui",
  "version": "2.0.0",
  "devDependencies": {
-    "verdaccio": "workspace:7.0.0-next.4",
-    "@verdaccio/core": "workspace:7.0.0-next.4",
-    "@verdaccio/config": "workspace:7.0.0-next.4",
-    "@verdaccio/test-helper": "workspace:3.0.0-next.0",
+    "verdaccio": "workspace:7.0.0-next-7.8",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
+    "@verdaccio/config": "workspace:7.0.0-next-7.8",
+    "@verdaccio/test-helper": "workspace:3.0.0-next.1",
    "debug": "4.3.4",
-    "cypress": "^11.2.0",
+    "cypress": "^13.6.0",
    "get-port": "5.1.1"
  },
  "scripts": {
--- a/jest/config.js
+++ b/jest/config.js
@@ -4,7 +4,7 @@ module.exports = {
    '^.+\\.(js|ts)$': 'babel-jest',
  },
  verbose: false,
-  collectCoverage: true,
+  collectCoverage: false,
  coverageReporters: ['text', 'html'],
  collectCoverageFrom: ['src/**/*.ts', '!**/node_modules/**', '!**/partials/**', '!**/fixture/**'],
  coveragePathIgnorePatterns: ['node_modules', 'fixtures'],
--- a/netlify.toml
+++ b/netlify.toml
@@ -17,3 +17,11 @@

 [[plugins]]
 package = "../.netlify/netlify-plugin-pnpm"
+
+[[headers]]
+for = "/*"
+[headers.values]
+X-Frame-Options = "DENY"
+X-XSS-Protection = "1; mode=block"
+X-Content-Type-Options = "nosniff"
+Referrer-Policy = "no-referrer"
--- a/package.json
+++ b/package.json
@@ -15,92 +15,90 @@
    "url": "https://opencollective.com/verdaccio"
  },
  "devDependencies": {
-    "@babel/cli": "7.23.0",
-    "@babel/core": "7.23.2",
-    "@babel/eslint-parser": "7.22.15",
-    "@babel/node": "7.22.19",
+    "@babel/cli": "7.23.9",
+    "@babel/core": "7.23.9",
+    "@babel/eslint-parser": "7.23.3",
+    "@babel/node": "7.23.9",
    "@babel/plugin-proposal-class-properties": "7.18.6",
-    "@babel/plugin-proposal-decorators": "7.23.2",
+    "@babel/plugin-proposal-decorators": "7.23.9",
    "@babel/plugin-proposal-export-namespace-from": "7.18.9",
-    "@babel/plugin-proposal-function-sent": "7.22.5",
+    "@babel/plugin-proposal-function-sent": "7.23.3",
    "@babel/plugin-proposal-json-strings": "7.18.6",
    "@babel/plugin-proposal-nullish-coalescing-operator": "7.18.6",
    "@babel/plugin-proposal-numeric-separator": "7.18.6",
    "@babel/plugin-proposal-object-rest-spread": "7.20.7",
    "@babel/plugin-proposal-optional-chaining": "7.21.0",
-    "@babel/plugin-proposal-throw-expressions": "7.22.5",
+    "@babel/plugin-proposal-throw-expressions": "7.23.3",
    "@babel/plugin-syntax-dynamic-import": "7.8.3",
    "@babel/plugin-syntax-import-meta": "7.10.4",
-    "@babel/plugin-transform-async-to-generator": "7.22.5",
-    "@babel/plugin-transform-classes": "7.22.15",
-    "@babel/plugin-transform-runtime": "7.23.2",
-    "@babel/preset-env": "7.23.2",
-    "@babel/preset-react": "7.22.15",
-    "@babel/preset-typescript": "7.23.2",
-    "@babel/register": "7.22.15",
-    "@babel/runtime": "7.23.2",
-    "@changesets/changelog-github": "0.4.8",
-    "@changesets/cli": "2.24.4",
+    "@babel/plugin-transform-async-to-generator": "7.23.3",
+    "@babel/plugin-transform-classes": "7.23.8",
+    "@babel/plugin-transform-runtime": "7.23.9",
+    "@babel/preset-env": "7.23.9",
+    "@babel/preset-react": "7.23.3",
+    "@babel/preset-typescript": "7.23.3",
+    "@babel/register": "7.23.7",
+    "@babel/runtime": "7.23.9",
+    "@changesets/changelog-github": "0.5.0",
+    "@changesets/cli": "2.27.1",
    "@changesets/get-dependents-graph": "1.3.6",
-    "@crowdin/cli": "3.14.0",
+    "@crowdin/cli": "3.16.1",
    "@dianmora/contributors": "5.0.0",
    "@emotion/react": "11.10.6",
    "@emotion/styled": "11.10.6",
-    "@testing-library/dom": "9.3.3",
-    "@testing-library/jest-dom": "6.1.4",
-    "@testing-library/react": "14.0.0",
-    "@trivago/prettier-plugin-sort-imports": "^4.2.0",
-    "@types/async": "3.2.21",
-    "@types/body-parser": "1.19.2",
-    "@types/connect": "3.4.36",
-    "@types/cookiejar": "2.1.2",
-    "@types/debug": "^4.1.9",
-    "@types/express": "4.17.18",
-    "@types/express-serve-static-core": "4.17.37",
-    "@types/http-errors": "2.0.2",
-    "@types/jest": "29.5.5",
-    "@types/jsonwebtoken": "9.0.3",
-    "@types/lodash": "4.14.199",
-    "@types/mime": "3.0.2",
+    "@testing-library/dom": "9.3.4",
+    "@testing-library/jest-dom": "6.3.0",
+    "@testing-library/react": "14.1.2",
+    "@trivago/prettier-plugin-sort-imports": "4.3.0",
+    "@types/body-parser": "1.19.5",
+    "@types/connect": "3.4.38",
+    "@types/cookiejar": "2.1.5",
+    "@types/debug": "4.1.12",
+    "@types/express": "4.17.21",
+    "@types/express-serve-static-core": "4.17.42",
+    "@types/http-errors": "2.0.4",
+    "@types/jest": "29.5.11",
+    "@types/jsonwebtoken": "9.0.5",
+    "@types/lodash": "4.14.202",
+    "@types/mime": "3.0.4",
    "@types/minimatch": "5.1.2",
-    "@types/node": "20.8.3",
-    "@types/node-fetch": "2.6.6",
-    "@types/qs": "6.9.8",
-    "@types/range-parser": "1.2.5",
-    "@types/react": "18.2.25",
-    "@types/react-dom": "18.2.11",
+    "@types/node": "20.11.7",
+    "@types/node-fetch": "2.6.11",
+    "@types/qs": "6.9.11",
+    "@types/range-parser": "1.2.7",
+    "@types/react": "18.2.48",
+    "@types/react-dom": "18.2.18",
    "@types/react-router-dom": "5.3.3",
-    "@types/react-virtualized": "9.21.23",
+    "@types/react-virtualized": "9.21.29",
    "@types/redux": "3.6.0",
-    "@types/request": "2.48.9",
-    "@types/semver": "7.5.3",
-    "@types/send": "0.17.2",
-    "@types/serve-static": "1.15.3",
-    "@types/superagent": "4.1.19",
-    "@types/supertest": "2.0.14",
+    "@types/semver": "7.5.6",
+    "@types/send": "0.17.4",
+    "@types/serve-static": "1.15.5",
+    "@types/superagent": "4.1.24",
+    "@types/supertest": "2.0.16",
    "@types/testing-library__jest-dom": "6.0.0",
-    "@types/validator": "13.11.2",
-    "@types/webpack": "5.28.3",
-    "@types/webpack-env": "1.18.2",
-    "@typescript-eslint/eslint-plugin": "6.9.0",
-    "@typescript-eslint/parser": "6.9.0",
+    "@types/validator": "13.11.8",
+    "@types/webpack": "5.28.5",
+    "@types/webpack-env": "1.18.4",
+    "@typescript-eslint/eslint-plugin": "6.19.1",
+    "@typescript-eslint/parser": "6.19.1",
    "@verdaccio/crowdin-translations": "workspace:*",
    "@verdaccio/eslint-config": "workspace:*",
    "@verdaccio/types": "workspace:*",
    "@verdaccio/ui-theme": "workspace:*",
-    "@vitest/coverage-v8": "^0.34.6",
+    "@vitest/coverage-v8": "0.34.6",
    "babel-core": "7.0.0-bridge.0",
    "babel-jest": "29.7.0",
    "babel-plugin-dynamic-import-node": "2.3.3",
    "babel-plugin-emotion": "11.0.0",
-    "concurrently": "6.5.1",
+    "concurrently": "8.2.2",
    "cross-env": "7.0.3",
    "debug": "4.3.4",
    "detect-secrets": "1.0.6",
-    "eslint": "8.52.0",
-    "fs-extra": "10.1.0",
+    "eslint": "8.56.0",
+    "fs-extra": "11.2.0",
    "got": "11.8.6",
-    "husky": "7.0.4",
+    "husky": "8.0.3",
    "in-publish": "2.0.1",
    "jest": "29.7.0",
    "jest-diff": "29.7.0",
@@ -110,23 +108,24 @@
    "jest-junit": "16.0.0",
    "kleur": "4.1.5",
    "lint-staged": "11.2.6",
-    "nock": "13.3.3",
-    "nodemon": "2.0.22",
-    "npm-run-all": "4.1.5",
-    "prettier": "2.8.8",
+    "nock": "13.5.1",
+    "nodemon": "3.0.3",
+    "npm-run-all2": "5.0.0",
+    "prettier": "3.2.2",
    "react": "18.2.0",
    "react-dom": "18.2.0",
-    "rimraf": "3.0.2",
-    "selfsigned": "1.10.14",
-    "supertest": "6.3.3",
-    "ts-node": "10.9.1",
-    "typescript": "5.2.2",
-    "update-ts-references": "2.6.1",
+    "rimraf": "5.0.5",
+    "selfsigned": "2.4.1",
+    "supertest": "6.3.4",
+    "ts-node": "10.9.2",
+    "typescript": "5.3.3",
+    "undici-types": "5.28.2",
+    "update-ts-references": "3.2.1",
    "verdaccio-audit": "workspace:*",
    "verdaccio-auth-memory": "workspace:*",
    "verdaccio-htpasswd": "workspace:*",
    "verdaccio-memory": "workspace:*",
-    "vitest": "^0.34.3"
+    "vitest": "0.34.6"
  },
  "scripts": {
    "prepare": "husky install",
@@ -172,12 +171,6 @@
    "local:publish": "cross-env npm_config_registry=http://localhost:4873 changeset publish --no-git-tag",
    "local:publish:release": "concurrently \"pnpm local:registry\" \"pnpm local:publish\""
  },
-  "pnpm": {
-    "overrides": {
-      "got": "11.8.5",
-      "p-cancelable": "2.1.1"
-    }
-  },
  "engines": {
    "node": ">=18"
  },
@@ -186,5 +179,5 @@
    "*.{js,jsx,ts,tsx,json,yml,yaml,md}": "prettier --write",
    "*.{js,jsx,ts,tsx}": "eslint --cache --fix"
  },
-  "packageManager": "pnpm@8.9.0+sha256.8f5264ad1d100da11a6add6bb8a94c6f1e913f9e9261b2a551fabefad2ec0fec"
+  "packageManager": "pnpm@8.14.0+sha256.9cebf61abd83f68177b29484da72da9751390eaad46dfc3072d266bfbb1ba7bf"
 }
--- a/packages/api/CHANGELOG.md
+++ b/packages/api/CHANGELOG.md
@@ -1,5 +1,61 @@
 # @verdaccio/api

+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- 74cd588: fix: bug on change password npm profile
+  - @verdaccio/core@7.0.0-next-7.8
+  - @verdaccio/config@7.0.0-next-7.8
+  - @verdaccio/auth@7.0.0-next-7.8
+  - @verdaccio/middleware@7.0.0-next-7.8
+  - @verdaccio/store@7.0.0-next-7.8
+  - @verdaccio/utils@7.0.0-next-7.8
+  - @verdaccio/logger@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.7
+- @verdaccio/config@7.0.0-next-7.7
+- @verdaccio/auth@7.0.0-next-7.7
+- @verdaccio/middleware@7.0.0-next-7.7
+- @verdaccio/store@7.0.0-next-7.7
+- @verdaccio/utils@7.0.0-next-7.7
+- @verdaccio/logger@7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+### Patch Changes
+
+- Updated dependencies [e14b064]
+- Updated dependencies [4d96324]
+  - @verdaccio/store@7.0.0-next.6
+  - @verdaccio/config@7.0.0-next.6
+  - @verdaccio/auth@7.0.0-next.6
+  - @verdaccio/middleware@7.0.0-next.6
+  - @verdaccio/core@7.0.0-next.6
+  - @verdaccio/utils@7.0.0-next.6
+  - @verdaccio/logger@7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Minor Changes
+
+- f047cc8: refactor: auth with legacy sign support
+
+### Patch Changes
+
+- Updated dependencies [f047cc8]
+  - @verdaccio/middleware@7.0.0-next.5
+  - @verdaccio/core@7.0.0-next.5
+  - @verdaccio/config@7.0.0-next.5
+  - @verdaccio/auth@7.0.0-next.5
+  - @verdaccio/store@7.0.0-next.5
+  - @verdaccio/logger@7.0.0-next.5
+  - @verdaccio/utils@7.0.0-next.5
+
 ## 7.0.0-next.4

 ### Patch Changes
--- a/packages/api/jest.config.js
+++ b/packages/api/jest.config.js
@@ -1,10 +1,3 @@
 const config = require('../../jest/config');

-module.exports = Object.assign({}, config, {
-  coverageThreshold: {
-    global: {
-      // FIXME: increase to 90
-      lines: 60,
-    },
-  },
-});
+module.exports = Object.assign({}, config, {});
--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/api",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "description": "loaders logic",
  "main": "./build/index.js",
  "types": "build/index.d.ts",
@@ -38,16 +38,16 @@
  },
  "license": "MIT",
  "dependencies": {
-    "@verdaccio/auth": "workspace:7.0.0-next.4",
-    "@verdaccio/config": "workspace:7.0.0-next.4",
-    "@verdaccio/core": "workspace:7.0.0-next.4",
-    "@verdaccio/logger": "workspace:7.0.0-next.4",
-    "@verdaccio/middleware": "workspace:7.0.0-next.4",
-    "@verdaccio/store": "workspace:7.0.0-next.4",
-    "@verdaccio/utils": "workspace:7.0.0-next.4",
+    "@verdaccio/auth": "workspace:7.0.0-next-7.8",
+    "@verdaccio/config": "workspace:7.0.0-next-7.8",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.8",
+    "@verdaccio/middleware": "workspace:7.0.0-next-7.8",
+    "@verdaccio/store": "workspace:7.0.0-next-7.8",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.8",
    "abortcontroller-polyfill": "1.7.5",
    "body-parser": "1.20.2",
-    "cookies": "0.8.0",
+    "cookies": "0.9.0",
    "debug": "4.3.4",
    "express": "4.18.2",
    "lodash": "4.17.21",
@@ -55,12 +55,11 @@
    "semver": "7.5.4"
  },
  "devDependencies": {
-    "@verdaccio/server": "workspace:7.0.0-next.4",
-    "@verdaccio/test-helper": "workspace:3.0.0-next.0",
-    "@verdaccio/types": "workspace:12.0.0-next.1",
+    "@verdaccio/test-helper": "workspace:3.0.0-next.1",
+    "@verdaccio/types": "workspace:12.0.0-next.2",
    "mockdate": "3.0.5",
-    "nock": "13.3.3",
-    "supertest": "6.3.3"
+    "nock": "13.5.1",
+    "supertest": "6.3.4"
  },
  "funding": {
    "type": "opencollective",
--- a/packages/api/src/v1/profile.ts
+++ b/packages/api/src/v1/profile.ts
@@ -81,15 +81,17 @@ export default function (route: Router, auth: Auth, config: Config): void {
          /* eslint new-cap:off */
        }

+        if (_.isEmpty(password.old)) {
+          return next(errorUtils.getBadRequest('old password is required'));
+        }
+
        auth.changePassword(
          name,
          password.old,
          password.new,
          (err, isUpdated): $NextFunctionVer => {
            if (_.isNull(err) === false) {
-              return next(
-                errorUtils.getCode(err.status, err.message) || errorUtils.getConflict(err.message)
-              );
+              return next(errorUtils.getForbidden(err.message));
            }

            if (isUpdated) {
--- a/packages/api/test/integration/config/profile.yaml
+++ b/packages/api/test/integration/config/profile.yaml
@@ -0,0 +1,27 @@
+auth:
+  htpasswd:
+    file: ./htpasswd-profile
+web:
+  enable: true
+  title: verdaccio
+
+uplinks:
+
+log: { type: stdout, format: pretty, level: trace }
+
+packages:
+  '@*/*':
+    access: $all
+    publish: $all
+    unpublish: $all
+    proxy: npmjs
+  'verdaccio':
+    access: $all
+    publish: $all
+  '**':
+    access: $all
+    publish: $all
+    unpublish: $all
+    proxy: npmjs
+
+_debug: true
--- a/packages/api/test/integration/package.spec.ts
+++ b/packages/api/test/integration/package.spec.ts
@@ -26,8 +26,8 @@ describe('package', () => {
    });

    test.each([
-      ['foo', 'foo-1.0.0.tgz'],
-      ['@scope/foo', 'foo-1.0.0.tgz'],
+      ['foo2', 'foo2-1.0.0.tgz'],
+      ['@scope/foo2', 'foo2-1.0.0.tgz'],
    ])('should fails if tarball does not exist', async (pkg, fileName) => {
      await publishVersion(app, pkg, '1.0.1');
      return await supertest(app)
--- a/packages/api/test/integration/profile.spec.ts
+++ b/packages/api/test/integration/profile.spec.ts
@@ -0,0 +1,111 @@
+import supertest from 'supertest';
+
+import { HEADERS, HEADER_TYPE, HTTP_STATUS, TOKEN_BEARER } from '@verdaccio/core';
+import { buildToken } from '@verdaccio/utils';
+
+import { createUser, initializeServer } from './_helper';
+
+describe('profile ', () => {
+  describe('get profile ', () => {
+    test('should return Unauthorized if header token is missing', async () => {
+      const app = await initializeServer('profile.yaml');
+      return supertest(app)
+        .get('/-/npm/v1/user')
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.UNAUTHORIZED);
+    });
+
+    test('should return user details', async () => {
+      const app = await initializeServer('profile.yaml');
+      const credentials = { name: 'test', password: 'test' };
+      const response = await createUser(app, credentials.name, credentials.password);
+      return supertest(app)
+        .get('/-/npm/v1/user')
+        .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.OK);
+    });
+  });
+  describe('post profile ', () => {
+    test('should return Unauthorized if header token is missing', async () => {
+      const app = await initializeServer('profile.yaml');
+      return supertest(app)
+        .post('/-/npm/v1/user')
+        .send({})
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.UNAUTHORIZED);
+    });
+
+    test('should return handle to short new password', async () => {
+      const app = await initializeServer('profile.yaml');
+      const credentials = { name: 'test', password: 'test' };
+      const response = await createUser(app, credentials.name, credentials.password);
+      return supertest(app)
+        .post('/-/npm/v1/user')
+        .send({ password: { new: '_' } })
+        .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.UNAUTHORIZED);
+    });
+
+    test('should return handle to missing old password', async () => {
+      const app = await initializeServer('profile.yaml');
+      const credentials = { name: 'test', password: 'test' };
+      const response = await createUser(app, credentials.name, credentials.password);
+      return supertest(app)
+        .post('/-/npm/v1/user')
+        .send({ password: { new: 'fooooo', old: undefined } })
+        .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.BAD_REQUEST);
+    });
+
+    test('should return handle to missing password', async () => {
+      const app = await initializeServer('profile.yaml');
+      const credentials = { name: 'test', password: 'test' };
+      const response = await createUser(app, credentials.name, credentials.password);
+      return supertest(app)
+        .post('/-/npm/v1/user')
+        .send({ another: '_' })
+        .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.INTERNAL_ERROR);
+    });
+
+    test('should return handle change password', async () => {
+      const app = await initializeServer('profile.yaml');
+      const credentials = { name: 'test', password: 'test' };
+      const response = await createUser(app, credentials.name, credentials.password);
+      return supertest(app)
+        .post('/-/npm/v1/user')
+        .send({ password: { new: 'good password_.%#@$@#$@#', old: 'test' } })
+        .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.OK);
+    });
+
+    test('should return handle change password failure', async () => {
+      const app = await initializeServer('profile.yaml');
+      const credentials = { name: 'test', password: 'test' };
+      const response = await createUser(app, credentials.name, credentials.password);
+      return supertest(app)
+        .post('/-/npm/v1/user')
+        .send({ password: { new: 'good password_.%#@$@#$@#', old: 'test_do_not_match' } })
+        .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.FORBIDDEN);
+    });
+
+    test('should handle tfa ( two factor auth) disabled', async () => {
+      const app = await initializeServer('profile.yaml');
+      const credentials = { name: 'test', password: 'test' };
+      const response = await createUser(app, credentials.name, credentials.password);
+      return supertest(app)
+        .post('/-/npm/v1/user')
+        .send({ tfa: '_' })
+        .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
+        .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
+        .expect(HTTP_STATUS.SERVICE_UNAVAILABLE);
+    });
+  });
+});
--- a/packages/auth/CHANGELOG.md
+++ b/packages/auth/CHANGELOG.md
@@ -1,5 +1,59 @@
 # @verdaccio/auth

+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.8
+- @verdaccio/config@7.0.0-next-7.8
+- @verdaccio/loaders@7.0.0-next-7.8
+- verdaccio-htpasswd@12.0.0-next-7.8
+- @verdaccio/utils@7.0.0-next-7.8
+- @verdaccio/signature@7.0.0-next.3
+- @verdaccio/logger@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.7
+- @verdaccio/config@7.0.0-next-7.7
+- @verdaccio/loaders@7.0.0-next-7.7
+- verdaccio-htpasswd@12.0.0-next-7.7
+- @verdaccio/utils@7.0.0-next-7.7
+- @verdaccio/signature@7.0.0-next.3
+- @verdaccio/logger@7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+### Patch Changes
+
+- Updated dependencies [4d96324]
+  - @verdaccio/config@7.0.0-next.6
+  - @verdaccio/loaders@7.0.0-next.6
+  - verdaccio-htpasswd@12.0.0-next.6
+  - @verdaccio/signature@7.0.0-next.3
+  - @verdaccio/core@7.0.0-next.6
+  - @verdaccio/utils@7.0.0-next.6
+  - @verdaccio/logger@7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Minor Changes
+
+- f047cc8: refactor: auth with legacy sign support
+
+### Patch Changes
+
+- Updated dependencies [f047cc8]
+  - @verdaccio/core@7.0.0-next.5
+  - @verdaccio/signature@7.0.0-next.3
+  - @verdaccio/config@7.0.0-next.5
+  - @verdaccio/loaders@7.0.0-next.5
+  - @verdaccio/logger@7.0.0-next.5
+  - verdaccio-htpasswd@12.0.0-next.5
+  - @verdaccio/utils@7.0.0-next.5
+
 ## 7.0.0-next.4

 ### Patch Changes
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/auth",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "description": "logger",
  "main": "./build/index.js",
  "types": "./build/index.d.ts",
@@ -38,19 +38,21 @@
  },
  "license": "MIT",
  "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next.4",
-    "@verdaccio/config": "workspace:7.0.0-next.4",
-    "@verdaccio/loaders": "workspace:7.0.0-next.4",
-    "@verdaccio/logger": "workspace:7.0.0-next.4",
-    "@verdaccio/signature": "workspace:7.0.0-next.2",
-    "@verdaccio/utils": "workspace:7.0.0-next.4",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
+    "@verdaccio/config": "workspace:7.0.0-next-7.8",
+    "@verdaccio/loaders": "workspace:7.0.0-next-7.8",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.8",
+    "@verdaccio/signature": "workspace:7.0.0-next.3",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.8",
    "debug": "4.3.4",
-    "express": "4.18.2",
    "lodash": "4.17.21",
-    "verdaccio-htpasswd": "workspace:12.0.0-next.4"
+    "verdaccio-htpasswd": "workspace:12.0.0-next-7.8"
  },
  "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next.1"
+    "express": "4.18.2",
+    "supertest": "6.3.4",
+    "@verdaccio/middleware": "workspace:7.0.0-next-7.8",
+    "@verdaccio/types": "workspace:12.0.0-next.2"
  },
  "funding": {
    "type": "opencollective",
--- a/packages/auth/src/auth.ts
+++ b/packages/auth/src/auth.ts
@@ -1,5 +1,4 @@
 import buildDebug from 'debug';
-import { NextFunction, Request, Response } from 'express';
 import _ from 'lodash';
 import { HTPasswd } from 'verdaccio-htpasswd';

@@ -12,22 +11,36 @@ import {
  VerdaccioError,
  errorUtils,
  pluginUtils,
+  warningUtils,
 } from '@verdaccio/core';
+import '@verdaccio/core';
 import { asyncLoadPlugin } from '@verdaccio/loaders';
 import { logger } from '@verdaccio/logger';
-import { aesEncrypt, parseBasicPayload, signPayload } from '@verdaccio/signature';
+import {
+  aesEncrypt,
+  aesEncryptDeprecated,
+  parseBasicPayload,
+  signPayload,
+} from '@verdaccio/signature';
 import {
  AllowAccess,
  Callback,
  Config,
  JWTSignOptions,
-  Logger,
  PackageAccess,
  RemoteUser,
  Security,
 } from '@verdaccio/types';
 import { getMatchedPackagesSpec, isFunction, isNil } from '@verdaccio/utils';

+import {
+  $RequestExtend,
+  $ResponseExtend,
+  AESPayload,
+  IAuthMiddleware,
+  NextFunction,
+  TokenEncryption,
+} from './types';
 import {
  convertPayloadToBase64,
  getDefaultPlugins,
@@ -40,25 +53,6 @@ import {

 const debug = buildDebug('verdaccio:auth');

-export interface TokenEncryption {
-  jwtEncrypt(user: RemoteUser, signOptions: JWTSignOptions): Promise<string>;
-  aesEncrypt(buf: string): string | void;
-}
-
-// remove
-export interface AESPayload {
-  user: string;
-  password: string;
-}
-export interface IAuthMiddleware {
-  apiJWTmiddleware(): $NextFunctionVer;
-  webUIJWTmiddleware(): $NextFunctionVer;
-}
-
-export type $RequestExtend = Request & { remote_user?: any; log: Logger };
-export type $ResponseExtend = Response & { cookies?: any };
-export type $NextFunctionVer = NextFunction & any;
-
 class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
  public config: Config;
  public secret: string;
@@ -75,6 +69,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {

  public async init() {
    let plugins = (await this.loadPlugin()) as pluginUtils.Auth<unknown>[];
+
    debug('auth plugins found %s', plugins.length);
    if (!plugins || plugins.length === 0) {
      plugins = this.loadDefaultPlugin();
@@ -226,29 +221,32 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
    debug('add user %o', user);

    (function next(): void {
+      let method = 'adduser';
      const plugin = plugins.shift() as pluginUtils.Auth<Config>;
-      if (typeof plugin.adduser !== 'function') {
+      // @ts-expect-error future major (7.x) should remove this section
+      if (typeof plugin.adduser === 'undefined' && typeof plugin.add_user === 'function') {
+        method = 'add_user';
+        warningUtils.emit(warningUtils.Codes.VERWAR006);
+      }
+      // @ts-ignore
+      if (typeof plugin[method] !== 'function') {
        next();
      } else {
-        // @ts-expect-error future major (7.x) should remove this section
-        if (typeof plugin.adduser === 'undefined' && typeof plugin.add_user === 'function') {
-          throw errorUtils.getInternalError(
-            'add_user method not longer supported, rename to adduser'
-          );
-        }
-
-        plugin.adduser(
+        // TODO: replace by adduser whenever add_user deprecation method has been removed
+        // @ts-ignore
+        plugin[method](
          user,
          password,
          function (err: VerdaccioError | null, ok?: boolean | string): void {
            if (err) {
-              debug('the user  %o could not being added. Error: %o', user, err?.message);
+              debug('the user %o could not being added. Error: %o', user, err?.message);
              return cb(err);
            }
            if (ok) {
              debug('the user %o has been added', user);
              return self.authenticate(user, password, cb);
            }
+            debug('user could not be added, skip to next auth plugin');
            next();
          }
        );
@@ -375,7 +373,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
    })();
  }

-  public apiJWTmiddleware() {
+  public apiJWTmiddleware(): any {
    debug('jwt middleware');
    const plugins = this.plugins.slice(0);
    const helpers = { createAnonymousRemoteUser, createRemoteUser };
@@ -387,8 +385,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {

    return (req: $RequestExtend, res: $ResponseExtend, _next: NextFunction) => {
      req.pause();
-
-      const next = function (err?: VerdaccioError): any {
+      const next = function (err?: VerdaccioError): NextFunction {
        req.resume();
        // uncomment this to reject users with bad auth headers
        // return _next.apply(null, arguments)
@@ -398,13 +395,14 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
          req.remote_user.error = err.message;
        }

-        return _next();
+        return _next() as unknown as NextFunction;
      };

-      if (this._isRemoteUserValid(req.remote_user)) {
-        debug('jwt has a valid authentication header');
-        return next();
-      }
+      // FUTURE: disabled, not removed yet but seems unreacable code
+      // if (this._isRemoteUserValid(req.remote_user)) {
+      //   debug('jwt has a valid authentication header');
+      //   return next();
+      // }

      // in case auth header does not exist we return anonymous function
      const remoteUser = createAnonymousRemoteUser();
@@ -425,20 +423,20 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {

      if (isAESLegacy(security)) {
        debug('api middleware using legacy auth token');
-        this._handleAESMiddleware(req, security, secret, authorization, next);
+        this.handleAESMiddleware(req, security, secret, authorization, next);
      } else {
        debug('api middleware using JWT auth token');
-        this._handleJWTAPIMiddleware(req, security, secret, authorization, next);
+        this.handleJWTAPIMiddleware(req, security, secret, authorization, next);
      }
    };
  }

-  private _handleJWTAPIMiddleware(
+  private handleJWTAPIMiddleware(
    req: $RequestExtend,
    security: Security,
    secret: string,
    authorization: string,
-    next: Function
+    next: any
  ): void {
    debug('handle JWT api middleware');
    const { scheme, token } = parseAuthTokenHeader(authorization);
@@ -475,7 +473,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
    }
  }

-  private _handleAESMiddleware(
+  private handleAESMiddleware(
    req: $RequestExtend,
    security: Security,
    secret: string,
@@ -485,7 +483,12 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
    debug('handle legacy api middleware');
    debug('api middleware secret %o', typeof secret === 'string');
    debug('api middleware authorization %o', typeof authorization === 'string');
-    const credentials: any = getMiddlewareCredentials(security, secret, authorization);
+    const credentials: any = getMiddlewareCredentials(
+      security,
+      secret,
+      authorization,
+      this.config?.getEnhancedLegacySignature()
+    );
    debug('api middleware credentials %o', credentials?.name);
    if (credentials) {
      const { user, password } = credentials;
@@ -515,7 +518,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
  /**
   * JWT middleware for WebUI
   */
-  public webUIJWTmiddleware(): $NextFunctionVer {
+  public webUIJWTmiddleware() {
    return (req: $RequestExtend, res: $ResponseExtend, _next: NextFunction): void => {
      if (this._isRemoteUserValid(req.remote_user)) {
        return _next();
@@ -525,7 +528,7 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
      const next = (err: VerdaccioError | void): void => {
        req.resume();
        if (err) {
-          // req.remote_user.error = err.message;
+          req.remote_user.error = err.message;
          res.status(err.statusCode).send(err.message);
        }

@@ -576,7 +579,6 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
      name,
      groups: groupedGroups,
    };
-
    const token: string = await signPayload(payload, this.secret, signOptions);

    return token;
@@ -586,7 +588,17 @@ class Auth implements IAuthMiddleware, TokenEncryption, pluginUtils.IBasicAuth {
   * Encrypt a string.
   */
  public aesEncrypt(value: string): string | void {
-    return aesEncrypt(value, this.secret);
+    // enhancedLegacySignature enables modern aes192 algorithm signature
+    if (this.config?.getEnhancedLegacySignature()) {
+      debug('signing with enhaced aes legacy');
+      const token = aesEncrypt(value, this.secret);
+      return token;
+    } else {
+      debug('signing with enhaced aes deprecated legacy');
+      // deprecated aes (legacy) signature, only must be used for legacy version
+      const token = aesEncryptDeprecated(Buffer.from(value), this.secret).toString('base64');
+      return token;
+    }
  }
 }

--- a/packages/auth/src/index.ts
+++ b/packages/auth/src/index.ts
@@ -1,2 +1,3 @@
 export { Auth } from './auth';
 export * from './utils';
+export * from './types';
--- a/packages/auth/src/signature-legacy.ts
+++ b/packages/auth/src/signature-legacy.ts
@@ -0,0 +1,66 @@
+import buildDebug from 'debug';
+import _ from 'lodash';
+
+import { TOKEN_BASIC, TOKEN_BEARER } from '@verdaccio/core';
+import { aesDecryptDeprecated as aesDecrypt, parseBasicPayload } from '@verdaccio/signature';
+import { Security } from '@verdaccio/types';
+
+import { AuthMiddlewarePayload } from './types';
+import {
+  convertPayloadToBase64,
+  isAESLegacy,
+  parseAuthTokenHeader,
+  verifyJWTPayload,
+} from './utils';
+
+const debug = buildDebug('verdaccio:auth:utils');
+
+export function parseAESCredentials(authorizationHeader: string, secret: string) {
+  debug('parseAESCredentials');
+  const { scheme, token } = parseAuthTokenHeader(authorizationHeader);
+
+  // basic is deprecated and should not be enforced
+  // basic is currently being used for functional test
+  if (scheme.toUpperCase() === TOKEN_BASIC.toUpperCase()) {
+    debug('legacy header basic');
+    const credentials = convertPayloadToBase64(token).toString();
+
+    return credentials;
+  } else if (scheme.toUpperCase() === TOKEN_BEARER.toUpperCase()) {
+    debug('legacy header bearer');
+    const credentials = aesDecrypt(Buffer.from(token), secret);
+
+    return credentials;
+  }
+}
+
+export function getMiddlewareCredentials(
+  security: Security,
+  secretKey: string,
+  authorizationHeader: string
+): AuthMiddlewarePayload {
+  debug('getMiddlewareCredentials');
+  // comment out for debugging purposes
+  if (isAESLegacy(security)) {
+    debug('is legacy');
+    const credentials = parseAESCredentials(authorizationHeader, secretKey);
+    if (typeof credentials !== 'string') {
+      debug('parse legacy credentials failed');
+      return;
+    }
+
+    const parsedCredentials = parseBasicPayload(credentials);
+    if (!parsedCredentials) {
+      debug('parse legacy basic payload credentials failed');
+      return;
+    }
+
+    return parsedCredentials;
+  }
+  const { scheme, token } = parseAuthTokenHeader(authorizationHeader);
+
+  debug('is jwt');
+  if (_.isString(token) && scheme.toUpperCase() === TOKEN_BEARER.toUpperCase()) {
+    return verifyJWTPayload(token, secretKey);
+  }
+}
--- a/packages/auth/src/signature.ts
+++ b/packages/auth/src/signature.ts
@@ -0,0 +1,66 @@
+import buildDebug from 'debug';
+import _ from 'lodash';
+
+import { TOKEN_BASIC, TOKEN_BEARER } from '@verdaccio/core';
+import { aesDecrypt, parseBasicPayload } from '@verdaccio/signature';
+import { Security } from '@verdaccio/types';
+
+import { AuthMiddlewarePayload } from './types';
+import {
+  convertPayloadToBase64,
+  isAESLegacy,
+  parseAuthTokenHeader,
+  verifyJWTPayload,
+} from './utils';
+
+const debug = buildDebug('verdaccio:auth:utils');
+
+export function parseAESCredentials(authorizationHeader: string, secret: string) {
+  debug('parseAESCredentials');
+  const { scheme, token } = parseAuthTokenHeader(authorizationHeader);
+
+  // basic is deprecated and should not be enforced
+  // basic is currently being used for functional test
+  if (scheme.toUpperCase() === TOKEN_BASIC.toUpperCase()) {
+    debug('legacy header basic');
+    const credentials = convertPayloadToBase64(token).toString();
+
+    return credentials;
+  } else if (scheme.toUpperCase() === TOKEN_BEARER.toUpperCase()) {
+    debug('legacy header bearer');
+    const credentials = aesDecrypt(token, secret);
+
+    return credentials;
+  }
+}
+
+export function getMiddlewareCredentials(
+  security: Security,
+  secretKey: string,
+  authorizationHeader: string
+): AuthMiddlewarePayload {
+  debug('getMiddlewareCredentials');
+  // comment out for debugging purposes
+  if (isAESLegacy(security)) {
+    debug('is legacy');
+    const credentials = parseAESCredentials(authorizationHeader, secretKey);
+    if (!credentials) {
+      debug('parse legacy credentials failed');
+      return;
+    }
+
+    const parsedCredentials = parseBasicPayload(credentials);
+    if (!parsedCredentials) {
+      debug('parse legacy basic payload credentials failed');
+      return;
+    }
+
+    return parsedCredentials;
+  }
+  const { scheme, token } = parseAuthTokenHeader(authorizationHeader);
+
+  debug('is jwt');
+  if (_.isString(token) && scheme.toUpperCase() === TOKEN_BEARER.toUpperCase()) {
+    return verifyJWTPayload(token, secretKey);
+  }
+}
--- a/packages/auth/src/types.ts
+++ b/packages/auth/src/types.ts
@@ -0,0 +1,46 @@
+import { NextFunction, Request, Response } from 'express';
+
+import { VerdaccioError } from '@verdaccio/core';
+import { AuthPackageAllow, JWTSignOptions, Logger, RemoteUser } from '@verdaccio/types';
+
+export interface AESPayload {
+  user: string;
+  password: string;
+}
+
+export type BasicPayload = AESPayload | void;
+export type AuthMiddlewarePayload = RemoteUser | BasicPayload;
+
+export interface AuthTokenHeader {
+  scheme: string;
+  token: string;
+}
+export type AllowActionCallbackResponse = boolean | undefined;
+export type AllowActionCallback = (
+  error: VerdaccioError | null,
+  allowed?: AllowActionCallbackResponse
+) => void;
+
+export type AllowAction = (
+  user: RemoteUser,
+  pkg: AuthPackageAllow,
+  callback: AllowActionCallback
+) => void;
+
+export interface TokenEncryption {
+  jwtEncrypt(user: RemoteUser, signOptions: JWTSignOptions): Promise<string>;
+  aesEncrypt(buf: string): string | void;
+}
+
+export type ActionsAllowed = 'publish' | 'unpublish' | 'access';
+
+// remove
+export interface IAuthMiddleware {
+  apiJWTmiddleware(): $NextFunctionVer;
+  webUIJWTmiddleware(): $NextFunctionVer;
+}
+
+export type $RequestExtend = Request & { remote_user?: any; log: Logger };
+export type $ResponseExtend = Response & { cookies?: any };
+export type $NextFunctionVer = NextFunction & any;
+export { NextFunction };
--- a/packages/auth/src/utils.ts
+++ b/packages/auth/src/utils.ts
@@ -7,36 +7,28 @@ import {
  HTTP_STATUS,
  TOKEN_BASIC,
  TOKEN_BEARER,
-  VerdaccioError,
  errorUtils,
  pluginUtils,
 } from '@verdaccio/core';
-import { aesDecrypt, parseBasicPayload, verifyPayload } from '@verdaccio/signature';
+import {
+  aesDecrypt,
+  aesDecryptDeprecated,
+  parseBasicPayload,
+  verifyPayload,
+} from '@verdaccio/signature';
 import { AuthPackageAllow, Config, Logger, RemoteUser, Security } from '@verdaccio/types';

-import { AESPayload, TokenEncryption } from './auth';
+import {
+  ActionsAllowed,
+  AllowAction,
+  AllowActionCallback,
+  AuthMiddlewarePayload,
+  AuthTokenHeader,
+  TokenEncryption,
+} from './types';

 const debug = buildDebug('verdaccio:auth:utils');

-export type BasicPayload = AESPayload | void;
-export type AuthMiddlewarePayload = RemoteUser | BasicPayload;
-
-export interface AuthTokenHeader {
-  scheme: string;
-  token: string;
-}
-export type AllowActionCallbackResponse = boolean | undefined;
-export type AllowActionCallback = (
-  error: VerdaccioError | null,
-  allowed?: AllowActionCallbackResponse
-) => void;
-
-export type AllowAction = (
-  user: RemoteUser,
-  pkg: AuthPackageAllow,
-  callback: AllowActionCallback
-) => void;
-
 /**
 * Split authentication header eg: Bearer [secret_token]
 * @param authorizationHeader auth token
@@ -48,7 +40,11 @@ export function parseAuthTokenHeader(authorizationHeader: string): AuthTokenHead
  return { scheme, token };
 }

-export function parseAESCredentials(authorizationHeader: string, secret: string) {
+export function parseAESCredentials(
+  authorizationHeader: string,
+  secret: string,
+  enhanced: boolean
+) {
  debug('parseAESCredentials');
  const { scheme, token } = parseAuthTokenHeader(authorizationHeader);

@@ -61,7 +57,11 @@ export function parseAESCredentials(authorizationHeader: string, secret: string)
    return credentials;
  } else if (scheme.toUpperCase() === TOKEN_BEARER.toUpperCase()) {
    debug('legacy header bearer');
-    const credentials = aesDecrypt(token, secret);
+    debug('legacy header enhanced?', enhanced);
+    const credentials = enhanced
+      ? aesDecrypt(token.toString(), secret)
+      : // FUTURE: once deprecated legacy is removed this logic won't be longer need it
+        aesDecryptDeprecated(convertPayloadToBase64(token), secret).toString('utf-8');

    return credentials;
  }
@@ -70,13 +70,14 @@ export function parseAESCredentials(authorizationHeader: string, secret: string)
 export function getMiddlewareCredentials(
  security: Security,
  secretKey: string,
-  authorizationHeader: string
+  authorizationHeader: string,
+  enhanced: boolean = true
 ): AuthMiddlewarePayload {
  debug('getMiddlewareCredentials');
  // comment out for debugging purposes
  if (isAESLegacy(security)) {
    debug('is legacy');
-    const credentials = parseAESCredentials(authorizationHeader, secretKey);
+    const credentials = parseAESCredentials(authorizationHeader, secretKey, enhanced);
    if (!credentials) {
      debug('parse legacy credentials failed');
      return;
@@ -161,14 +162,15 @@ export function isAuthHeaderValid(authorization: string): boolean {
 export function getDefaultPlugins(logger: Logger): pluginUtils.Auth<Config> {
  return {
    authenticate(_user: string, _password: string, cb: pluginUtils.AuthCallback): void {
+      debug('triggered default authenticate method');
      cb(errorUtils.getForbidden(API_ERROR.BAD_USERNAME_PASSWORD));
    },

    adduser(_user: string, _password: string, cb: pluginUtils.AuthUserCallback): void {
+      debug('triggered default adduser method');
      return cb(errorUtils.getConflict(API_ERROR.BAD_USERNAME_PASSWORD));
    },

-    // FIXME: allow_action and allow_publish should be in the @verdaccio/types
    // @ts-ignore
    allow_access: allow_action('access', logger),
    // @ts-ignore
@@ -177,8 +179,6 @@ export function getDefaultPlugins(logger: Logger): pluginUtils.Auth<Config> {
  };
 }

-export type ActionsAllowed = 'publish' | 'unpublish' | 'access';
-
 export function allow_action(action: ActionsAllowed, logger: Logger): AllowAction {
  return function allowActionCallback(
    user: RemoteUser,
@@ -187,8 +187,13 @@ export function allow_action(action: ActionsAllowed, logger: Logger): AllowActio
  ): void {
    logger.trace({ remote: user.name }, `[auth/allow_action]: user: @{remote}`);
    const { name, groups } = user;
+    debug('allow_action "%s": groups %s', action, groups);
    const groupAccess = pkg[action] as string[];
-    const hasPermission = groupAccess.some((group) => name === group || groups.includes(group));
+    debug('allow_action "%s": groupAccess %s', action, groupAccess);
+    const hasPermission = groupAccess.some((group) => {
+      return name === group || groups.includes(group);
+    });
+    debug('package "%s" has permission "%s"', name, hasPermission);
    logger.trace(
      { pkgName: pkg.name, hasPermission, remote: user.name, groupAccess },
      `[auth/allow_action]: hasPermission? @{hasPermission} for user: @{remote}, package: @{pkgName}`
@@ -218,7 +223,8 @@ export function handleSpecialUnpublish(logger: Logger): any {
  return function (user: RemoteUser, pkg: AuthPackageAllow, callback: AllowActionCallback): void {
    const action = 'unpublish';
    // verify whether the unpublish prop has been defined
-    const isUnpublishMissing: boolean = _.isNil(pkg[action]);
+    const isUnpublishMissing: boolean = !pkg[action];
+    debug('is unpublish method missing ? %s', isUnpublishMissing);
    const hasGroups: boolean = isUnpublishMissing ? false : (pkg[action] as string[]).length > 0;
    logger.trace(
      { user: user.name, name: pkg.name, hasGroups },
--- a/packages/auth/test/auth.spec.ts
+++ b/packages/auth/test/auth.spec.ts
@@ -1,47 +1,79 @@
+import express from 'express';
 import path from 'path';
+import supertest from 'supertest';

-import { Config as AppConfig, ROLES, getDefaultConfig } from '@verdaccio/config';
-import { errorUtils } from '@verdaccio/core';
-import { setup } from '@verdaccio/logger';
+import { Config as AppConfig, ROLES, createRemoteUser, getDefaultConfig } from '@verdaccio/config';
+import {
+  API_ERROR,
+  HEADERS,
+  HTTP_STATUS,
+  SUPPORT_ERRORS,
+  TOKEN_BEARER,
+  errorUtils,
+} from '@verdaccio/core';
+import { logger, setup } from '@verdaccio/logger';
+import { errorReportingMiddleware, final, handleError } from '@verdaccio/middleware';
 import { Config } from '@verdaccio/types';
+import { buildToken } from '@verdaccio/utils';

-import { Auth } from '../src';
-import { authPluginFailureConf, authPluginPassThrougConf, authProfileConf } from './helper/plugin';
+import { $RequestExtend, Auth } from '../src';
+import {
+  authChangePasswordConf,
+  authPluginFailureConf,
+  authPluginPassThrougConf,
+  authProfileConf,
+} from './helper/plugin';

-setup({ level: 'debug', type: 'stdout' });
+setup({});
+
+// to avoid flaky test generate same ramdom key
+jest.mock('@verdaccio/utils', () => {
+  return {
+    ...jest.requireActual('@verdaccio/utils'),
+    // used by enhanced legacy aes signature (minimum 32 characters)
+    generateRandomSecretKey: () => 'GCYW/3IJzQI6GvPmy9sbMkFoiL7QLVw',
+    // used by legacy aes signature
+    generateRandomHexString: () =>
+      'ff065fcf7a8330ae37d3ea116328852f387ad7aa6defbe47fb68b1ea25f97446',
+  };
+});

 describe('AuthTest', () => {
-  test('should init correctly', async () => {
-    const config: Config = new AppConfig({ ...authProfileConf });
-    config.checkSecretKey('12345');
+  describe('default', () => {
+    test('should init correctly', async () => {
+      const config: Config = new AppConfig({ ...authProfileConf });
+      config.checkSecretKey('12345');

-    const auth: Auth = new Auth(config);
-    await auth.init();
-    expect(auth).toBeDefined();
-  });
-
-  test('should load default auth plugin', async () => {
-    const config: Config = new AppConfig({ ...authProfileConf, auth: undefined });
-    config.checkSecretKey('12345');
-
-    const auth: Auth = new Auth(config);
-    await auth.init();
-    expect(auth).toBeDefined();
-  });
-
-  test('should load custom algorithm', async () => {
-    const config: Config = new AppConfig({
-      ...authProfileConf,
-      auth: { htpasswd: { algorithm: 'sha1', file: './foo' } },
+      const auth: Auth = new Auth(config);
+      await auth.init();
+      expect(auth).toBeDefined();
    });
-    config.checkSecretKey('12345');

-    const auth: Auth = new Auth(config);
-    await auth.init();
-    expect(auth).toBeDefined();
+    test('should load default auth plugin', async () => {
+      const config: Config = new AppConfig({ ...authProfileConf, auth: undefined });
+      config.checkSecretKey('12345');
+
+      const auth: Auth = new Auth(config);
+      await auth.init();
+      expect(auth).toBeDefined();
+    });
  });

-  describe('test authenticate method', () => {
+  describe('utils', () => {
+    test('should load custom algorithm', async () => {
+      const config: Config = new AppConfig({
+        ...authProfileConf,
+        auth: { htpasswd: { algorithm: 'sha1', file: './foo' } },
+      });
+      config.checkSecretKey('12345');
+
+      const auth: Auth = new Auth(config);
+      await auth.init();
+      expect(auth).toBeDefined();
+    });
+  });
+
+  describe('authenticate', () => {
    describe('test authenticate states', () => {
      test('should be a success login', async () => {
        const config: Config = new AppConfig({ ...authProfileConf });
@@ -163,30 +195,519 @@ describe('AuthTest', () => {
        }
      });
    });
+
+    describe('test multiple authenticate methods', () => {
+      test('should skip falsy values', async () => {
+        const config: Config = new AppConfig({
+          ...getDefaultConfig(),
+          plugins: path.join(__dirname, './partials/plugin'),
+          auth: {
+            success: {},
+            'fail-invalid-method': {},
+          },
+        });
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+
+        return new Promise((resolve) => {
+          auth.authenticate('foo', 'bar', (err, value) => {
+            expect(value).toEqual({
+              name: 'foo',
+              groups: ['test', ROLES.$ALL, '$authenticated', '@all', '@authenticated', 'all'],
+              real_groups: ['test'],
+            });
+            resolve(value);
+          });
+        });
+      });
+    });
  });

-  describe('test multiple authenticate methods', () => {
-    test('should skip falsy values', async () => {
+  describe('changePassword', () => {
+    test('should fail if the plugin does not provide implementation', async () => {
+      const config: Config = new AppConfig({ ...authProfileConf });
+      config.checkSecretKey('12345');
+      const auth: Auth = new Auth(config);
+      await auth.init();
+      expect(auth).toBeDefined();
+      const callback = jest.fn();
+
+      auth.changePassword('foo', 'bar', 'newFoo', callback);
+
+      expect(callback).toHaveBeenCalledTimes(1);
+      expect(callback).toHaveBeenCalledWith(
+        errorUtils.getInternalError(SUPPORT_ERRORS.PLUGIN_MISSING_INTERFACE)
+      );
+    });
+    test('should handle plugin does provide implementation', async () => {
+      const config: Config = new AppConfig({ ...authChangePasswordConf });
+      config.checkSecretKey('12345');
+      const auth: Auth = new Auth(config);
+      await auth.init();
+      expect(auth).toBeDefined();
+      const callback = jest.fn();
+      auth.add_user('foo', 'bar', jest.fn());
+      auth.changePassword('foo', 'bar', 'newFoo', callback);
+      expect(callback).toHaveBeenCalledTimes(1);
+      expect(callback).toHaveBeenCalledWith(null, true);
+    });
+  });
+
+  describe('allow_access', () => {
+    describe('no custom allow_access implementation provided', () => {
+      // when allow_access is not implemented, the groups must match
+      // exactly with the packages access group
+      test('should fails if groups do not match exactly', async () => {
+        const config: Config = new AppConfig({ ...authProfileConf });
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+        const groups = ['test'];
+
+        auth.allow_access(
+          { packageName: 'foo' },
+          { name: 'foo', groups, real_groups: groups },
+          callback
+        );
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(
+          errorUtils.getForbidden('user foo is not allowed to access package foo')
+        );
+      });
+
+      test('should success if groups do not match exactly', async () => {
+        const config: Config = new AppConfig({ ...authProfileConf });
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+        // $all comes from configuration file
+        const groups = [ROLES.$ALL];
+
+        auth.allow_access(
+          { packageName: 'foo' },
+          { name: 'foo', groups, real_groups: groups },
+          callback
+        );
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(null, true);
+      });
+    });
+  });
+
+  describe('allow_publish', () => {
+    describe('no custom allow_publish implementation provided', () => {
+      // when allow_access is not implemented, the groups must match
+      // exactly with the packages access group
+      test('should fails if groups do not match exactly', async () => {
+        const config: Config = new AppConfig({ ...authProfileConf });
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+        const groups = ['test'];
+
+        auth.allow_publish(
+          { packageName: 'foo' },
+          { name: 'foo', groups, real_groups: groups },
+          callback
+        );
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(
+          errorUtils.getForbidden('user foo is not allowed to publish package foo')
+        );
+      });
+
+      test('should success if groups do match exactly', async () => {
+        const config: Config = new AppConfig({ ...authProfileConf });
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+        // $all comes from configuration file
+        const groups = [ROLES.$AUTH];
+
+        auth.allow_publish(
+          { packageName: 'foo' },
+          { name: 'foo', groups, real_groups: groups },
+          callback
+        );
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(null, true);
+      });
+    });
+  });
+  describe('allow_unpublish', () => {
+    describe('no custom allow_unpublish implementation provided', () => {
+      test('should fails if groups do not match exactly', async () => {
+        const config: Config = new AppConfig({ ...authProfileConf });
+        config.checkSecretKey('12345');
+
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+        const groups = ['test'];
+
+        auth.allow_unpublish(
+          { packageName: 'foo' },
+          { name: 'foo', groups, real_groups: groups },
+          callback
+        );
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(
+          errorUtils.getForbidden('user foo is not allowed to unpublish package foo')
+        );
+      });
+
+      test('should handle missing unpublish method (special case to handle legacy configurations)', async () => {
+        const config: Config = new AppConfig({
+          ...authProfileConf,
+          packages: {
+            ...authProfileConf.packages,
+            '**': {
+              access: ['$all'],
+              publish: ['$authenticated'],
+              // it forces publish handle the access
+              unpublish: undefined,
+              proxy: ['npmjs'],
+            },
+          },
+        });
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+        const groups = ['test'];
+
+        auth.allow_unpublish(
+          { packageName: 'foo' },
+          { name: 'foo', groups, real_groups: groups },
+          callback
+        );
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(
+          errorUtils.getForbidden('user foo is not allowed to publish package foo')
+        );
+      });
+
+      test('should success if groups do match exactly', async () => {
+        const config: Config = new AppConfig({ ...authProfileConf });
+
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+        // $all comes from configuration file
+        const groups = [ROLES.$AUTH];
+
+        auth.allow_unpublish(
+          { packageName: 'foo' },
+          { name: 'foo', groups, real_groups: groups },
+          callback
+        );
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(null, true);
+      });
+    });
+  });
+
+  describe('add_user', () => {
+    describe('error handling', () => {
+      // when allow_access is not implemented, the groups must match
+      // exactly with the packages access group
+      test('should fails with bad password if adduser is not implemented', async () => {
+        const config: Config = new AppConfig({ ...authProfileConf });
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+
+        auth.add_user('juan', 'password', callback);
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(
+          errorUtils.getConflict(API_ERROR.BAD_USERNAME_PASSWORD)
+        );
+      });
+
+      test('should fails if adduser fails internally (exception)', async () => {
+        const config: Config = new AppConfig({
+          ...getDefaultConfig(),
+          plugins: path.join(__dirname, './partials/plugin'),
+          auth: {
+            adduser: {},
+          },
+        });
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+
+        // note: fail uas username make plugin fails
+        auth.add_user('fail', 'password', callback);
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(new Error('bad username'));
+      });
+
+      test('should skip to the next plugin and fails', async () => {
+        const config: Config = new AppConfig({
+          ...getDefaultConfig(),
+          plugins: path.join(__dirname, './partials/plugin'),
+          auth: {
+            adduser: {},
+            // plugin implement adduser with fail auth
+            fail: {},
+          },
+        });
+        config.checkSecretKey('12345');
+        const auth: Auth = new Auth(config);
+        await auth.init();
+        expect(auth).toBeDefined();
+
+        const callback = jest.fn();
+
+        // note: fail uas username make plugin fails
+        auth.add_user('skip', 'password', callback);
+
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(
+          errorUtils.getConflict(API_ERROR.BAD_USERNAME_PASSWORD)
+        );
+      });
+    });
+    test('should success if adduser', async () => {
      const config: Config = new AppConfig({
        ...getDefaultConfig(),
        plugins: path.join(__dirname, './partials/plugin'),
        auth: {
-          success: {},
-          'fail-invalid-method': {},
+          adduser: {},
        },
      });
      config.checkSecretKey('12345');
      const auth: Auth = new Auth(config);
      await auth.init();
+      expect(auth).toBeDefined();

-      return new Promise((resolve) => {
-        auth.authenticate('foo', 'bar', (err, value) => {
-          expect(value).toEqual({
-            name: 'foo',
-            groups: ['test', '$all', '$authenticated', '@all', '@authenticated', 'all'],
-            real_groups: ['test'],
+      const callback = jest.fn();
+
+      auth.add_user('something', 'password', callback);
+
+      expect(callback).toHaveBeenCalledTimes(1);
+      expect(callback).toHaveBeenCalledWith(null, {
+        groups: ['test', '$all', '$authenticated', '@all', '@authenticated', 'all'],
+        name: 'something',
+        real_groups: ['test'],
+      });
+    });
+    test('should handle legacy add_user method', async () => {
+      const config: Config = new AppConfig({
+        ...getDefaultConfig(),
+        plugins: path.join(__dirname, './partials/plugin'),
+        auth: {
+          'adduser-legacy': {},
+        },
+      });
+      config.checkSecretKey('12345');
+      const auth: Auth = new Auth(config);
+      await auth.init();
+      expect(auth).toBeDefined();
+
+      const callback = jest.fn();
+
+      auth.add_user('something', 'password', callback);
+
+      expect(callback).toHaveBeenCalledTimes(1);
+      expect(callback).toHaveBeenCalledWith(null, {
+        groups: ['test', '$all', '$authenticated', '@all', '@authenticated', 'all'],
+        name: 'something',
+        real_groups: ['test'],
+      });
+    });
+  });
+  describe('middlewares', () => {
+    describe('apiJWTmiddleware', () => {
+      const secret = '12345';
+      const getServer = async function (auth) {
+        const app = express();
+        app.use(express.json({ strict: false, limit: '10mb' }));
+        // @ts-expect-error
+        app.use(errorReportingMiddleware(logger));
+        app.use(auth.apiJWTmiddleware());
+        app.get('/*', (req, res, next) => {
+          if ((req as $RequestExtend).remote_user.error) {
+            next(new Error((req as $RequestExtend).remote_user.error));
+          } else {
+            // @ts-expect-error
+            next({ user: req?.remote_user });
+          }
+        });
+        // @ts-expect-error
+        app.use(handleError(logger));
+        // @ts-expect-error
+        app.use(final);
+        return app;
+      };
+      describe('legacy signature', () => {
+        describe('error cases', () => {
+          test('should handle invalid auth token', async () => {
+            const config: Config = new AppConfig({ ...authProfileConf });
+            config.checkSecretKey(secret);
+            const auth = new Auth(config);
+            await auth.init();
+            const app = await getServer(auth);
+            return supertest(app)
+              .get(`/`)
+              .set(HEADERS.AUTHORIZATION, 'Bearer foo')
+              .expect(HTTP_STATUS.INTERNAL_ERROR);
+          });
+
+          test('should handle missing auth header', async () => {
+            const config: Config = new AppConfig({ ...authProfileConf });
+            config.checkSecretKey(secret);
+            const auth = new Auth(config);
+            await auth.init();
+            const app = await getServer(auth);
+            return supertest(app).get(`/`).expect(HTTP_STATUS.OK);
+          });
+        });
+
+        describe('deprecated legacy handling forceEnhancedLegacySignature=false', () => {
+          test('should handle valid auth token', async () => {
+            const payload = 'juan:password';
+            // const token = await signPayload(remoteUser, '12345');
+            const config: Config = new AppConfig(
+              { ...authProfileConf },
+              { forceEnhancedLegacySignature: false }
+            );
+            // intended to force key generator (associated with mocks above)
+            config.checkSecretKey(undefined);
+            const auth = new Auth(config);
+            await auth.init();
+            const token = auth.aesEncrypt(payload) as string;
+            const app = await getServer(auth);
+            const res = await supertest(app)
+              .get(`/`)
+              .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token))
+              .expect(HTTP_STATUS.OK);
+            expect(res.body.user.name).toEqual('juan');
+          });
+
+          test('should handle invalid auth token', async () => {
+            const payload = 'juan:password';
+            const config: Config = new AppConfig(
+              { ...authPluginFailureConf },
+              { forceEnhancedLegacySignature: false }
+            );
+            // intended to force key generator (associated with mocks above)
+            config.checkSecretKey(undefined);
+            const auth = new Auth(config);
+            await auth.init();
+            const token = auth.aesEncrypt(payload) as string;
+            const app = await getServer(auth);
+            return await supertest(app)
+              .get(`/`)
+              .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token))
+              .expect(HTTP_STATUS.INTERNAL_ERROR);
+          });
+        });
+      });
+      describe('jwt signature', () => {
+        describe('error cases', () => {
+          test('should handle invalid auth token and return anonymous', async () => {
+            // @ts-expect-error
+            const config: Config = new AppConfig({
+              ...authProfileConf,
+              ...{ security: { api: { jwt: { sign: { expiresIn: '29d' } } } } },
+            });
+            config.checkSecretKey(secret);
+            const auth = new Auth(config);
+            await auth.init();
+            const app = await getServer(auth);
+            const res = await supertest(app)
+              .get(`/`)
+              .set(HEADERS.AUTHORIZATION, 'Bearer foo')
+              .expect(HTTP_STATUS.OK);
+            expect(res.body.user.groups).toEqual([
+              ROLES.$ALL,
+              ROLES.$ANONYMOUS,
+              ROLES.DEPRECATED_ALL,
+              ROLES.DEPRECATED_ANONYMOUS,
+            ]);
+          });
+
+          test('should handle missing auth header', async () => {
+            // @ts-expect-error
+            const config: Config = new AppConfig({
+              ...authProfileConf,
+              ...{ security: { api: { jwt: { sign: { expiresIn: '29d' } } } } },
+            });
+            config.checkSecretKey(secret);
+            const auth = new Auth(config);
+            await auth.init();
+            const app = await getServer(auth);
+            const res = await supertest(app).get(`/`).expect(HTTP_STATUS.OK);
+            expect(res.body.user.groups).toEqual([
+              ROLES.$ALL,
+              ROLES.$ANONYMOUS,
+              ROLES.DEPRECATED_ALL,
+              ROLES.DEPRECATED_ANONYMOUS,
+            ]);
+          });
+        });
+        describe('valid signature handlers', () => {
+          test('should handle valid auth token', async () => {
+            const config: Config = new AppConfig(
+              // @ts-expect-error
+              {
+                ...authProfileConf,
+                ...{ security: { api: { jwt: { sign: { expiresIn: '29d' } } } } },
+              },
+              { forceEnhancedLegacySignature: false }
+            );
+            // intended to force key generator (associated with mocks above)
+            config.checkSecretKey(undefined);
+            const auth = new Auth(config);
+            await auth.init();
+            const token = (await auth.jwtEncrypt(
+              createRemoteUser('jwt_user', [ROLES.ALL]),
+              // @ts-expect-error
+              config.security.api.jwt.sign
+            )) as string;
+            const app = await getServer(auth);
+            const res = await supertest(app)
+              .get(`/`)
+              .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token))
+              .expect(HTTP_STATUS.OK);
+            expect(res.body.user.name).toEqual('jwt_user');
          });
-          resolve(value);
        });
      });
    });
--- a/packages/auth/test/helper/plugin.ts
+++ b/packages/auth/test/helper/plugin.ts
@@ -10,6 +10,14 @@ export const authProfileConf = {
  },
 };

+export const authChangePasswordConf = {
+  ...getDefaultConfig(),
+  plugins: path.join(__dirname, '../partials/plugin'),
+  auth: {
+    'change-password': {},
+  },
+};
+
 export const authPluginFailureConf = {
  ...getDefaultConfig(),
  plugins: path.join(__dirname, '../partials/plugin'),
--- a/packages/auth/test/partials/plugin/verdaccio-access-ok/access.js
+++ b/packages/auth/test/partials/plugin/verdaccio-access-ok/access.js
@@ -0,0 +1,9 @@
+module.exports = function () {
+  return {
+    authenticate(user, pass, callback) {
+      // https://verdaccio.org/docs/en/dev-plugins#onsuccess
+      // this is a successful login and return a simple group
+      callback(null, ['test']);
+    },
+  };
+};
--- a/packages/auth/test/partials/plugin/verdaccio-access-ok/package.json
+++ b/packages/auth/test/partials/plugin/verdaccio-access-ok/package.json
@@ -0,0 +1,5 @@
+{
+  "name": "verdaccio-access-ok",
+  "main": "access.js",
+  "version": "1.0.0"
+}
--- a/packages/auth/test/partials/plugin/verdaccio-adduser-legacy/adduser.js
+++ b/packages/auth/test/partials/plugin/verdaccio-adduser-legacy/adduser.js
@@ -0,0 +1,25 @@
+module.exports = function () {
+  return {
+    authenticate(user, pass, callback) {
+      // https://verdaccio.org/docs/en/dev-plugins#onsuccess
+      // this is a successful login and return a simple group
+      callback(null, ['test']);
+    },
+    add_user(user, password, cb) {
+      if (user === 'fail') {
+        return cb(Error('bad username'));
+      }
+
+      if (user === 'password') {
+        return cb(Error('bad password'));
+      }
+
+      if (user === 'skip') {
+        // if wants to the next plugin
+        return cb(null, false);
+      }
+
+      cb(null, true);
+    },
+  };
+};
--- a/packages/auth/test/partials/plugin/verdaccio-adduser-legacy/package.json
+++ b/packages/auth/test/partials/plugin/verdaccio-adduser-legacy/package.json
@@ -0,0 +1,5 @@
+{
+  "name": "verdaccio-adduser-legacy",
+  "main": "adduser.js",
+  "version": "1.0.0"
+}
--- a/packages/auth/test/partials/plugin/verdaccio-adduser/adduser.js
+++ b/packages/auth/test/partials/plugin/verdaccio-adduser/adduser.js
@@ -0,0 +1,25 @@
+module.exports = function () {
+  return {
+    authenticate(user, pass, callback) {
+      // https://verdaccio.org/docs/en/dev-plugins#onsuccess
+      // this is a successful login and return a simple group
+      callback(null, ['test']);
+    },
+    adduser(user, password, cb) {
+      if (user === 'fail') {
+        return cb(Error('bad username'));
+      }
+
+      if (user === 'password') {
+        return cb(Error('bad password'));
+      }
+
+      if (user === 'skip') {
+        // if wants to the next plugin
+        return cb(null, false);
+      }
+
+      cb(null, true);
+    },
+  };
+};
--- a/packages/auth/test/partials/plugin/verdaccio-adduser/package.json
+++ b/packages/auth/test/partials/plugin/verdaccio-adduser/package.json
@@ -0,0 +1,5 @@
+{
+  "name": "verdaccio-adduser",
+  "main": "adduser.js",
+  "version": "1.0.0"
+}
--- a/packages/auth/test/partials/plugin/verdaccio-change-password/change.js
+++ b/packages/auth/test/partials/plugin/verdaccio-change-password/change.js
@@ -0,0 +1,32 @@
+module.exports = function () {
+  return {
+    users: [],
+    authenticate(user, pass, callback) {
+      // https://verdaccio.org/docs/en/dev-plugins#onsuccess
+      // this is a successful login and return a simple group
+      callback(null, ['test']);
+    },
+    changePassword(user, password, newPassword, cb) {
+      if (password === newPassword) {
+        return cb(Error('error password equal'));
+      }
+      return cb(null, true);
+    },
+    adduser(user, password, cb) {
+      if (user === 'fail') {
+        return cb(Error('bad username'));
+      }
+
+      if (user === 'password') {
+        return cb(Error('bad password'));
+      }
+
+      if (user === 'skip') {
+        // if wants to the next plugin
+        return cb(null, false);
+      }
+
+      cb(null, true);
+    },
+  };
+};
--- a/packages/auth/test/partials/plugin/verdaccio-change-password/package.json
+++ b/packages/auth/test/partials/plugin/verdaccio-change-password/package.json
@@ -0,0 +1,5 @@
+{
+  "name": "verdaccio-change-password",
+  "main": "change.js",
+  "version": "1.0.0"
+}
--- a/packages/auth/test/partials/plugin/verdaccio-fail/fail.js
+++ b/packages/auth/test/partials/plugin/verdaccio-fail/fail.js
@@ -7,5 +7,8 @@ module.exports = function () {
      and success types respectively for testing purposes */
      callback(errorUtils.getInternalError(), false);
    },
+    adduser(user, password, cb) {
+      return cb(null, false);
+    },
  };
 };
--- a/packages/cli/CHANGELOG.md
+++ b/packages/cli/CHANGELOG.md
@@ -1,5 +1,43 @@
 # @verdaccio/cli

+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/node-api@7.0.0-next-7.8
+- @verdaccio/core@7.0.0-next-7.8
+- @verdaccio/config@7.0.0-next-7.8
+- @verdaccio/logger@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.7
+- @verdaccio/config@7.0.0-next-7.7
+- @verdaccio/node-api@7.0.0-next-7.7
+- @verdaccio/logger@7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+### Patch Changes
+
+- Updated dependencies [4d96324]
+  - @verdaccio/config@7.0.0-next.6
+  - @verdaccio/node-api@7.0.0-next.6
+  - @verdaccio/core@7.0.0-next.6
+  - @verdaccio/logger@7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Patch Changes
+
+- Updated dependencies [f047cc8]
+  - @verdaccio/core@7.0.0-next.5
+  - @verdaccio/config@7.0.0-next.5
+  - @verdaccio/node-api@7.0.0-next.5
+  - @verdaccio/logger@7.0.0-next.5
+
 ## 7.0.0-next.4

 ### Patch Changes
@@ -178,12 +216,12 @@
 - 8f43bf17d: feat: node api new structure based on promise

  ```js
-  import { runServer } from '@verdaccio/node-api';
+  import { runServer } from "@verdaccio/node-api";
  // or
-  import { runServer } from 'verdaccio';
+  import { runServer } from "verdaccio";

  const app = await runServer(); // default configuration
-  const app = await runServer('./config/config.yaml');
+  const app = await runServer("./config/config.yaml");
  const app = await runServer({ configuration });
  app.listen(4000, (event) => {
    // do something
@@ -1029,14 +1067,14 @@
 - 5c5057fc: feat: node api new structure based on promise

  ```js
-  import { runServer } from '@verdaccio/node-api';
+  import { runServer } from "@verdaccio/node-api";
  // or
-  import { runServer } from 'verdaccio';
+  import { runServer } from "verdaccio";

  const app = await runServer(); // default configuration
-  const app = await runServer('./config/config.yaml');
+  const app = await runServer("./config/config.yaml");
  const app = await runServer({ configuration });
-  app.listen(4000, event => {
+  app.listen(4000, (event) => {
    // do something
  });
  ```
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/cli",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "author": {
    "name": "Juan Picado",
    "email": "juanpicado19@gmail.com"
@@ -43,17 +43,17 @@
    "start": "ts-node src/index.ts"
  },
  "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next.4",
-    "@verdaccio/config": "workspace:7.0.0-next.4",
-    "@verdaccio/logger": "workspace:7.0.0-next.4",
-    "@verdaccio/node-api": "workspace:7.0.0-next.4",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
+    "@verdaccio/config": "workspace:7.0.0-next-7.8",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.8",
+    "@verdaccio/node-api": "workspace:7.0.0-next-7.8",
    "clipanion": "3.2.1",
-    "envinfo": "7.8.1",
+    "envinfo": "7.11.0",
    "kleur": "4.1.5",
    "semver": "7.5.4"
  },
  "devDependencies": {
-    "ts-node": "10.9.1"
+    "ts-node": "10.9.2"
  },
  "funding": {
    "type": "opencollective",
--- a/packages/config/CHANGELOG.md
+++ b/packages/config/CHANGELOG.md
@@ -1,5 +1,39 @@
 # @verdaccio/config

+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.8
+- @verdaccio/utils@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.7
+- @verdaccio/utils@7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+### Patch Changes
+
+- 4d96324: chore(config): increase test coverage
+  - @verdaccio/core@7.0.0-next.6
+  - @verdaccio/utils@7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Minor Changes
+
+- f047cc8: refactor: auth with legacy sign support
+
+### Patch Changes
+
+- Updated dependencies [f047cc8]
+  - @verdaccio/core@7.0.0-next.5
+  - @verdaccio/utils@7.0.0-next.5
+
 ## 7.0.0-next.4

 ### Patch Changes
@@ -225,12 +259,12 @@
 - 8f43bf17d: feat: node api new structure based on promise

  ```js
-  import { runServer } from '@verdaccio/node-api';
+  import { runServer } from "@verdaccio/node-api";
  // or
-  import { runServer } from 'verdaccio';
+  import { runServer } from "verdaccio";

  const app = await runServer(); // default configuration
-  const app = await runServer('./config/config.yaml');
+  const app = await runServer("./config/config.yaml");
  const app = await runServer({ configuration });
  app.listen(4000, (event) => {
    // do something
@@ -1000,14 +1034,14 @@
 - 5c5057fc: feat: node api new structure based on promise

  ```js
-  import { runServer } from '@verdaccio/node-api';
+  import { runServer } from "@verdaccio/node-api";
  // or
-  import { runServer } from 'verdaccio';
+  import { runServer } from "verdaccio";

  const app = await runServer(); // default configuration
-  const app = await runServer('./config/config.yaml');
+  const app = await runServer("./config/config.yaml");
  const app = await runServer({ configuration });
-  app.listen(4000, event => {
+  app.listen(4000, (event) => {
    // do something
  });
  ```
--- a/packages/config/jest.config.js
+++ b/packages/config/jest.config.js
@@ -3,8 +3,7 @@ const config = require('../../jest/config');
 module.exports = Object.assign({}, config, {
  coverageThreshold: {
    global: {
-      // FIXME: increase to 90
-      lines: 85,
+      lines: 90,
    },
  },
 });
--- a/packages/config/package.json
+++ b/packages/config/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/config",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "description": "logger",
  "main": "./build/index.js",
  "types": "build/index.d.ts",
@@ -38,8 +38,8 @@
    "build": "pnpm run build:js && pnpm run build:types"
  },
  "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next.4",
-    "@verdaccio/utils": "workspace:7.0.0-next.4",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.8",
    "debug": "4.3.4",
    "js-yaml": "4.1.0",
    "lodash": "4.17.21",
@@ -48,7 +48,7 @@
  },
  "devDependencies": {
    "@types/minimatch": "5.1.2",
-    "@types/yup": "0.29.14"
+    "@types/yup": "0.32.0"
  },
  "funding": {
    "type": "opencollective",
--- a/packages/config/src/config.ts
+++ b/packages/config/src/config.ts
@@ -63,6 +63,10 @@ class Config implements AppConfig {
  private configOptions: { forceEnhancedLegacySignature: boolean };
  public constructor(
    config: ConfigYaml & { config_path: string },
+    // forceEnhancedLegacySignature is a property that
+    // allows switch a new legacy aes signature token signature
+    // for older versions do not want to have this new signature model
+    // this property must be false
    configOptions = { forceEnhancedLegacySignature: true }
  ) {
    const self = this;
@@ -131,6 +135,16 @@ class Config implements AppConfig {
    }
  }

+  public getEnhancedLegacySignature() {
+    if (typeof this?.security.enhancedLegacySignature !== 'undefined') {
+      if (this.security.enhancedLegacySignature === true) {
+        return true;
+      }
+      return false;
+    }
+    return this.configOptions.forceEnhancedLegacySignature;
+  }
+
  public getConfigPath() {
    return this.configPath;
  }
@@ -156,24 +170,23 @@ class Config implements AppConfig {
    }
    // generate a new a secret key
    // FUTURE: this might be an external secret key, perhaps within config file?
-    debug('generate a new key');
-    //
-    if (this.configOptions.forceEnhancedLegacySignature) {
+    debug('generating a new secret key');
+
+    if (this.getEnhancedLegacySignature()) {
+      debug('key generated with "enhanced" legacy signature user config');
      this.secret = generateRandomSecretKey();
    } else {
-      this.secret =
-        this.security.enhancedLegacySignature === true
-          ? generateRandomSecretKey()
-          : generateRandomHexString(32);
-      // set this to false allow use old token signature and is not recommended
-      // only use for migration reasons, major release will remove this property and
-      // set it by default
-      if (this.security.enhancedLegacySignature === false) {
-        warningUtils.emit(Codes.VERWAR005);
-      }
+      debug('key generated with legacy signature user config');
+      this.secret = generateRandomHexString(32);
+    }
+    // set this to false allow use old token signature and is not recommended
+    // only use for migration reasons, major release will remove this property and
+    // set it by default
+    if (this.security?.enhancedLegacySignature === false) {
+      warningUtils.emit(Codes.VERWAR005);
    }

-    debug('generated a new secret key %s', this.secret?.length);
+    debug('generated a new secret key length %s', this.secret?.length);
    return this.secret;
  }
 }
--- a/packages/config/src/package-access.ts
+++ b/packages/config/src/package-access.ts
@@ -27,7 +27,7 @@ export const PACKAGE_ACCESS = {

 export function normalizeUserList(groupsList: any): any {
  const result: any[] = [];
-  if (_.isNil(groupsList)) {
+  if (_.isNil(groupsList) || _.isEmpty(groupsList)) {
    return result;
  }

--- a/packages/config/test/agent.spec.ts
+++ b/packages/config/test/agent.spec.ts
@@ -0,0 +1,42 @@
+import { getUserAgent } from '../src';
+
+describe('getUserAgent', () => {
+  test('should return custom user agent when customUserAgent is true', () => {
+    const customUserAgent = true;
+    const version = '1.0.0';
+    const name = 'MyAgent';
+
+    const result = getUserAgent(customUserAgent, version, name);
+
+    expect(result).toBe('MyAgent/1.0.0');
+  });
+
+  test('should return custom user agent when customUserAgent is a non-empty string', () => {
+    const customUserAgent = 'CustomAgent/1.0.0';
+    const version = '1.0.0';
+    const name = 'MyAgent';
+
+    const result = getUserAgent(customUserAgent, version, name);
+
+    expect(result).toBe('CustomAgent/1.0.0');
+  });
+
+  test('should return "hidden" when customUserAgent is false', () => {
+    const customUserAgent = false;
+    const version = '1.0.0';
+    const name = 'MyAgent';
+
+    const result = getUserAgent(customUserAgent, version, name);
+
+    expect(result).toBe('hidden');
+  });
+
+  test('should return default user agent when customUserAgent is undefined', () => {
+    const version = '1.0.0';
+    const name = 'MyAgent';
+
+    const result = getUserAgent(undefined, version, name);
+
+    expect(result).toBe('MyAgent/1.0.0');
+  });
+});
--- a/packages/config/test/builder.spec.ts
+++ b/packages/config/test/builder.spec.ts
@@ -13,6 +13,7 @@ describe('Config builder', () => {
        proxy: 'some',
      })
      .addLogger({ level: 'info', type: 'stdout', format: 'json' })
+      .addAuth({ htpasswd: { file: '.htpasswd' } })
      .addStorage('/tmp/verdaccio')
      .addSecurity({ api: { legacy: true } });
    expect(config.getConfig()).toEqual({
@@ -21,6 +22,11 @@ describe('Config builder', () => {
          legacy: true,
        },
      },
+      auth: {
+        htpasswd: {
+          file: '.htpasswd',
+        },
+      },
      storage: '/tmp/verdaccio',
      packages: {
        'upstream/*': {
--- a/packages/config/test/config.spec.ts
+++ b/packages/config/test/config.spec.ts
@@ -106,6 +106,20 @@ describe('checkSecretKey', () => {
    const config = new Config(parseConfigFile(resolveConf('default')));
    expect(typeof config.checkSecretKey('') === 'string').toBeTruthy();
  });
+
+  test('with enhanced legacy signature', () => {
+    const config = new Config(parseConfigFile(resolveConf('default')));
+    config.security.enhancedLegacySignature = true;
+    expect(typeof config.checkSecretKey() === 'string').toBeTruthy();
+    expect(config.secret.length).toBe(32);
+  });
+
+  test('without enhanced legacy signature', () => {
+    const config = new Config(parseConfigFile(resolveConf('default')));
+    config.security.enhancedLegacySignature = false;
+    expect(typeof config.checkSecretKey() === 'string').toBeTruthy();
+    expect(config.secret.length).toBe(64);
+  });
 });

 describe('getMatchedPackagesSpec', () => {
@@ -159,3 +173,18 @@ describe('VERDACCIO_STORAGE_PATH', () => {
    delete process.env.VERDACCIO_STORAGE_PATH;
  });
 });
+
+describe('configPath', () => {
+  test('should set configPath in config', () => {
+    const defaultConfig = parseConfigFile(resolveConf('default'));
+    const config = new Config(defaultConfig);
+    expect(config.getConfigPath()).toBe(path.join(__dirname, '../src/conf/default.yaml'));
+  });
+
+  test('should throw an error if configPath is not provided', () => {
+    const defaultConfig = parseConfigFile(resolveConf('default'));
+    defaultConfig.configPath = '';
+    defaultConfig.config_path = '';
+    expect(() => new Config(defaultConfig)).toThrow('configPath property is required');
+  });
+});
--- a/packages/config/test/package-access.spec.ts
+++ b/packages/config/test/package-access.spec.ts
@@ -1,7 +1,7 @@
 import _ from 'lodash';

 import { parseConfigFile } from '../src';
-import { PACKAGE_ACCESS, normalisePackageAccess } from '../src/package-access';
+import { PACKAGE_ACCESS, normalisePackageAccess, normalizeUserList } from '../src/package-access';
 import { parseConfigurationFile } from './utils';

 describe('Package access utilities', () => {
@@ -123,4 +123,30 @@ describe('Package access utilities', () => {
      expect(_.isArray(all.publish)).toBeTruthy();
    });
  });
+  describe('normaliseUserList', () => {
+    test('should normalize user list', () => {
+      const groupsList = 'admin superadmin';
+      const result = normalizeUserList(groupsList);
+      expect(result).toEqual(['admin', 'superadmin']);
+    });
+
+    test('should normalize empty user list', () => {
+      const groupsList = '';
+      const result = normalizeUserList(groupsList);
+      expect(result).toEqual([]);
+    });
+
+    test('should normalize user list array', () => {
+      const groupsList = ['admin', 'superadmin'];
+      const result = normalizeUserList(groupsList);
+      expect(result).toEqual(['admin', 'superadmin']);
+    });
+
+    test('should throw error for invalid user list', () => {
+      const groupsList = { group: 'admin' };
+      expect(() => {
+        normalizeUserList(groupsList);
+      }).toThrow('CONFIG: bad package acl (array or string expected): {"group":"admin"}');
+    });
+  });
 });
--- a/packages/core/core/CHANGELOG.md
+++ b/packages/core/core/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @verdaccio/core

+## 7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Minor Changes
+
+- f047cc8: refactor: auth with legacy sign support
+
 ## 7.0.0-next.4

 ## 7.0.0-next.3
--- a/packages/core/core/package.json
+++ b/packages/core/core/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/core",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "description": "core utilities",
  "keywords": [
    "private",
@@ -34,17 +34,17 @@
  },
  "dependencies": {
    "http-errors": "2.0.0",
-    "http-status-codes": "2.2.0",
+    "http-status-codes": "2.3.0",
    "semver": "7.5.4",
    "ajv": "8.12.0",
    "process-warning": "1.0.0",
-    "core-js": "3.30.2"
+    "core-js": "3.35.0"
  },
  "devDependencies": {
    "lodash": "4.17.21",
    "typedoc": "0.23.25",
    "typedoc-plugin-missing-exports": "latest",
-    "@verdaccio/types": "workspace:12.0.0-next.1"
+    "@verdaccio/types": "workspace:12.0.0-next.2"
  },
  "scripts": {
    "clean": "rimraf ./build",
--- a/packages/core/core/src/warning-utils.ts
+++ b/packages/core/core/src/warning-utils.ts
@@ -12,6 +12,7 @@ export enum Codes {
  VERWAR005 = 'VERWAR005',
  // deprecation warnings
  VERDEP003 = 'VERDEP003',
+  VERWAR006 = 'VERWAR006',
 }

 warningInstance.create(
@@ -52,6 +53,12 @@ warningInstance.create(
  'multiple addresses will be deprecated in the next major, only use one'
 );

+warningInstance.create(
+  verdaccioDeprecation,
+  Codes.VERWAR006,
+  'the auth plugin method "add_user" in the auth plugin is deprecated and will be removed in next major release, rename to "adduser"'
+);
+
 export function emit(code: string, a?: string, b?: string, c?: string) {
  warningInstance.emit(code, a, b, c);
 }
--- a/packages/core/file-locking/package.json
+++ b/packages/core/file-locking/package.json
@@ -39,7 +39,7 @@
    "lockfile": "1.0.4"
  },
  "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next.1"
+    "@verdaccio/types": "workspace:12.0.0-next.2"
  },
  "scripts": {
    "clean": "rimraf ./build",
--- a/packages/core/tarball/CHANGELOG.md
+++ b/packages/core/tarball/CHANGELOG.md
@@ -1,5 +1,40 @@
 # Change Log

+## 12.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.8
+- @verdaccio/url@12.0.0-next-7.8
+- @verdaccio/utils@7.0.0-next-7.8
+
+## 12.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.7
+- @verdaccio/url@12.0.0-next-7.7
+- @verdaccio/utils@7.0.0-next-7.7
+
+## 12.0.0-next.6
+
+### Patch Changes
+
+- e14b064: - Fixes polynomial regular expression when determining the file name of tarball
+  - Add tests for extracting tarball name
+  - @verdaccio/core@7.0.0-next.6
+  - @verdaccio/url@12.0.0-next.6
+  - @verdaccio/utils@7.0.0-next.6
+
+## 12.0.0-next.5
+
+### Patch Changes
+
+- Updated dependencies [f047cc8]
+  - @verdaccio/core@7.0.0-next.5
+  - @verdaccio/url@12.0.0-next.5
+  - @verdaccio/utils@7.0.0-next.5
+
 ## 12.0.0-next.4

 ### Patch Changes
--- a/packages/core/tarball/package.json
+++ b/packages/core/tarball/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/tarball",
-  "version": "12.0.0-next.4",
+  "version": "12.0.0-next-7.8",
  "description": "tarball utilities resolver",
  "keywords": [
    "private",
@@ -34,14 +34,14 @@
  },
  "dependencies": {
    "debug": "4.3.4",
-    "@verdaccio/core": "workspace:7.0.0-next.4",
-    "@verdaccio/url": "workspace:12.0.0-next.4",
-    "@verdaccio/utils": "workspace:7.0.0-next.4",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
+    "@verdaccio/url": "workspace:12.0.0-next-7.8",
+    "@verdaccio/utils": "workspace:7.0.0-next-7.8",
    "lodash": "4.17.21"
  },
  "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next.1",
-    "node-mocks-http": "1.13.0"
+    "@verdaccio/types": "workspace:12.0.0-next.2",
+    "node-mocks-http": "1.14.1"
  },
  "scripts": {
    "clean": "rimraf ./build",
--- a/packages/core/tarball/src/index.ts
+++ b/packages/core/tarball/src/index.ts
@@ -4,6 +4,6 @@ export {
  convertDistRemoteToLocalTarballUrls,
  convertDistVersionToLocalTarballsUrl,
 } from './convertDistRemoteToLocalTarballUrls';
-export { getLocalRegistryTarballUri } from './getLocalRegistryTarballUri';
+export { extractTarballFromUrl, getLocalRegistryTarballUri } from './getLocalRegistryTarballUri';

 export { RequestOptions };
--- a/packages/core/tarball/tests/getLocalRegistryTarballUri.spec.ts
+++ b/packages/core/tarball/tests/getLocalRegistryTarballUri.spec.ts
@@ -0,0 +1,36 @@
+import { extractTarballFromUrl } from '../src';
+
+describe('extractTarballFromUrl', () => {
+  const metadata: any = {
+    name: 'npm_test',
+    versions: {
+      '1.0.0': {
+        dist: {
+          tarball: 'http://registry.org/npm_test/-/npm_test-1.0.0.tgz',
+        },
+      },
+      '1.0.1': {
+        dist: {
+          tarball: 'npm_test-1.0.1.tgz',
+        },
+      },
+      '1.0.2': {
+        dist: {
+          tarball: 'https://localhost/npm_test-1.0.2.tgz',
+        },
+      },
+    },
+  };
+
+  test('should return only name of tarball', () => {
+    expect(extractTarballFromUrl(metadata.versions['1.0.0'].dist.tarball)).toEqual(
+      'npm_test-1.0.0.tgz'
+    );
+    expect(extractTarballFromUrl(metadata.versions['1.0.1'].dist.tarball)).toEqual(
+      'npm_test-1.0.1.tgz'
+    );
+    expect(extractTarballFromUrl(metadata.versions['1.0.2'].dist.tarball)).toEqual(
+      'npm_test-1.0.2.tgz'
+    );
+  });
+});
--- a/packages/core/types/CHANGELOG.md
+++ b/packages/core/types/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Change Log

+## 12.0.0-next.2
+
+### Minor Changes
+
+- f047cc8: refactor: auth with legacy sign support
+
 ## 12.0.0-next.1

 ### Major Changes
@@ -211,12 +217,12 @@
 - 8f43bf17d: feat: node api new structure based on promise

  ```js
-  import { runServer } from '@verdaccio/node-api';
+  import { runServer } from "@verdaccio/node-api";
  // or
-  import { runServer } from 'verdaccio';
+  import { runServer } from "verdaccio";

  const app = await runServer(); // default configuration
-  const app = await runServer('./config/config.yaml');
+  const app = await runServer("./config/config.yaml");
  const app = await runServer({ configuration });
  app.listen(4000, (event) => {
    // do something
@@ -808,14 +814,14 @@
 - 5c5057fc: feat: node api new structure based on promise

  ```js
-  import { runServer } from '@verdaccio/node-api';
+  import { runServer } from "@verdaccio/node-api";
  // or
-  import { runServer } from 'verdaccio';
+  import { runServer } from "verdaccio";

  const app = await runServer(); // default configuration
-  const app = await runServer('./config/config.yaml');
+  const app = await runServer("./config/config.yaml");
  const app = await runServer({ configuration });
-  app.listen(4000, event => {
+  app.listen(4000, (event) => {
    // do something
  });
  ```
--- a/packages/core/types/package.json
+++ b/packages/core/types/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/types",
-  "version": "12.0.0-next.1",
+  "version": "12.0.0-next.2",
  "description": "verdaccio types definitions",
  "keywords": [
    "private",
--- a/packages/core/types/src/configuration.ts
+++ b/packages/core/types/src/configuration.ts
@@ -296,7 +296,7 @@ export interface Config extends Omit<ConfigYaml, 'packages' | 'security' | 'conf
  // security object defaults is added by the config file but optional in the yaml file
  security: Security;
  // @deprecated (pending adding the replacement)
-  checkSecretKey(token: string): string;
+  checkSecretKey(token: string | void): string;
  getMatchedPackagesSpec(storage: string): PackageAccess | void;
  // TODO: verify how to handle this in the future
  [key: string]: any;
--- a/packages/core/url/CHANGELOG.md
+++ b/packages/core/url/CHANGELOG.md
@@ -1,5 +1,34 @@
 # Change Log

+## 12.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.8
+
+## 12.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.7
+
+## 12.0.0-next.6
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next.6
+
+## 12.0.0-next.5
+
+### Minor Changes
+
+- f047cc8: refactor: auth with legacy sign support
+
+### Patch Changes
+
+- Updated dependencies [f047cc8]
+  - @verdaccio/core@7.0.0-next.5
+
 ## 12.0.0-next.4

 ### Patch Changes
--- a/packages/core/url/package.json
+++ b/packages/core/url/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/url",
-  "version": "12.0.0-next.4",
+  "version": "12.0.0-next-7.8",
  "description": "url utilities resolver",
  "keywords": [
    "private",
@@ -33,14 +33,14 @@
    "access": "public"
  },
  "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next.4",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
    "debug": "4.3.4",
    "lodash": "4.17.21",
-    "validator": "13.9.0"
+    "validator": "13.11.0"
  },
  "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next.1",
-    "node-mocks-http": "1.13.0"
+    "@verdaccio/types": "workspace:12.0.0-next.2",
+    "node-mocks-http": "1.14.1"
  },
  "scripts": {
    "clean": "rimraf ./build",
--- a/packages/core/url/src/index.ts
+++ b/packages/core/url/src/index.ts
@@ -1,6 +1,6 @@
 import buildDebug from 'debug';
 import { URL } from 'url';
-import isURLValidator from 'validator/lib/isURL';
+import validator from 'validator';

 import { HEADERS } from '@verdaccio/core';

@@ -17,7 +17,7 @@ export function isURLhasValidProtocol(uri: string): boolean {
 }

 export function isHost(url: string = '', options = {}): boolean {
-  return isURLValidator(url, {
+  return validator.isURL(url, {
    require_host: true,
    allow_trailing_dot: false,
    require_valid_protocol: false,
@@ -130,3 +130,5 @@ export function getPublicUrl(url_prefix: string = '', requestOptions: RequestOpt
    return '/';
  }
 }
+
+export const isURL = validator.isURL;
--- a/packages/hooks/CHANGELOG.md
+++ b/packages/hooks/CHANGELOG.md
@@ -1,5 +1,34 @@
 # @verdaccio/hooks

+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.8
+- @verdaccio/logger@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.7
+- @verdaccio/logger@7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next.6
+- @verdaccio/logger@7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Patch Changes
+
+- Updated dependencies [f047cc8]
+  - @verdaccio/core@7.0.0-next.5
+  - @verdaccio/logger@7.0.0-next.5
+
 ## 7.0.0-next.4

 ### Patch Changes
--- a/packages/hooks/package.json
+++ b/packages/hooks/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/hooks",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "description": "loaders logic",
  "main": "./build/index.js",
  "types": "build/index.d.ts",
@@ -29,18 +29,18 @@
    "node": ">=18"
  },
  "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next.4",
-    "@verdaccio/logger": "workspace:7.0.0-next.4",
-    "core-js": "3.30.2",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.8",
+    "core-js": "3.35.0",
    "debug": "4.3.4",
    "got-cjs": "12.5.4",
-    "handlebars": "4.7.7"
+    "handlebars": "4.7.8"
  },
  "devDependencies": {
-    "@verdaccio/auth": "workspace:7.0.0-next.4",
-    "@verdaccio/config": "workspace:7.0.0-next.4",
-    "@verdaccio/types": "workspace:12.0.0-next.1",
-    "nock": "13.3.3"
+    "@verdaccio/auth": "workspace:7.0.0-next-7.8",
+    "@verdaccio/config": "workspace:7.0.0-next-7.8",
+    "@verdaccio/types": "workspace:12.0.0-next.2",
+    "nock": "13.5.1"
  },
  "scripts": {
    "clean": "rimraf ./build",
--- a/packages/loaders/CHANGELOG.md
+++ b/packages/loaders/CHANGELOG.md
@@ -1,5 +1,29 @@
 # @verdaccio/loaders

+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Patch Changes
+
+- @verdaccio/logger@7.0.0-next.5
+
 ## 7.0.0-next.4

 ### Patch Changes
--- a/packages/loaders/package.json
+++ b/packages/loaders/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/loaders",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "description": "loaders logic",
  "main": "./build/index.js",
  "types": "build/index.d.ts",
@@ -13,14 +13,14 @@
    "url": "https://github.com/verdaccio/verdaccio"
  },
  "dependencies": {
-    "@verdaccio/logger": "workspace:7.0.0-next.4",
+    "@verdaccio/logger": "workspace:7.0.0-next-7.8",
    "debug": "4.3.4",
    "lodash": "4.17.21"
  },
  "devDependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next.4",
-    "@verdaccio/config": "workspace:7.0.0-next.4",
-    "@verdaccio/types": "workspace:12.0.0-next.1",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
+    "@verdaccio/config": "workspace:7.0.0-next-7.8",
+    "@verdaccio/types": "workspace:12.0.0-next.2",
    "@verdaccio-scope/verdaccio-auth-foo": "0.0.2",
    "verdaccio-auth-memory": "workspace:*",
    "customprefix-auth": "2.0.0-next.0"
--- a/packages/logger/logger-7/CHANGELOG.md
+++ b/packages/logger/logger-7/CHANGELOG.md
@@ -1,5 +1,29 @@
 # @verdaccio/logger-7

+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next.5
+
 ## 7.0.0-next.4

 ### Patch Changes
--- a/packages/logger/logger-7/package.json
+++ b/packages/logger/logger-7/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/logger-7",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "description": "logger for verdaccio 5.x version",
  "main": "./build/index.js",
  "types": "./build/index.d.ts",
@@ -38,11 +38,11 @@
    "build": "pnpm run build:js && pnpm run build:types"
  },
  "dependencies": {
-    "@verdaccio/logger-commons": "workspace:7.0.0-next.4",
+    "@verdaccio/logger-commons": "workspace:7.0.0-next-7.8",
    "pino": "7.11.0"
  },
  "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next.1"
+    "@verdaccio/types": "workspace:12.0.0-next.2"
  },
  "funding": {
    "type": "opencollective",
--- a/packages/logger/logger-commons/CHANGELOG.md
+++ b/packages/logger/logger-commons/CHANGELOG.md
@@ -1,5 +1,30 @@
 # @verdaccio/logger-commons

+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+### Patch Changes
+
+- @verdaccio/core@7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Patch Changes
+
+- Updated dependencies [f047cc8]
+  - @verdaccio/core@7.0.0-next.5
+
 ## 7.0.0-next.4

 ### Patch Changes
--- a/packages/logger/logger-commons/package.json
+++ b/packages/logger/logger-commons/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/logger-commons",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "description": "logger",
  "main": "./build/index.js",
  "types": "./build/index.d.ts",
@@ -38,14 +38,14 @@
    "build": "pnpm run build:js && pnpm run build:types"
  },
  "dependencies": {
-    "@verdaccio/core": "workspace:7.0.0-next.4",
+    "@verdaccio/core": "workspace:7.0.0-next-7.8",
    "@verdaccio/logger-prettify": "workspace:7.0.0-next.1",
    "debug": "4.3.4",
    "colorette": "2.0.20"
  },
  "devDependencies": {
    "pino": "7.11.0",
-    "@verdaccio/types": "workspace:12.0.0-next.1"
+    "@verdaccio/types": "workspace:12.0.0-next.2"
  },
  "funding": {
    "type": "opencollective",
--- a/packages/logger/logger-prettify/package.json
+++ b/packages/logger/logger-prettify/package.json
@@ -38,14 +38,14 @@
    "build": "pnpm run build:js && pnpm run build:types"
  },
  "dependencies": {
-    "dayjs": "1.11.7",
-    "pino-abstract-transport": "1.0.0",
+    "dayjs": "1.11.10",
+    "pino-abstract-transport": "1.1.0",
    "colorette": "2.0.20",
    "lodash": "4.17.21",
-    "sonic-boom": "3.3.0"
+    "sonic-boom": "3.8.0"
  },
  "devDependencies": {
-    "pino": "8.12.1"
+    "pino": "8.17.2"
  },
  "funding": {
    "type": "opencollective",
--- a/packages/logger/logger/CHANGELOG.md
+++ b/packages/logger/logger/CHANGELOG.md
@@ -1,5 +1,29 @@
 # @verdaccio/logger

+## 7.0.0-next-7.8
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next-7.8
+
+## 7.0.0-next-7.7
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next-7.7
+
+## 7.0.0-next.6
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next.6
+
+## 7.0.0-next.5
+
+### Patch Changes
+
+- @verdaccio/logger-commons@7.0.0-next.5
+
 ## 7.0.0-next.4

 ### Patch Changes
@@ -135,12 +159,12 @@
 - 8f43bf17d: feat: node api new structure based on promise

  ```js
-  import { runServer } from '@verdaccio/node-api';
+  import { runServer } from "@verdaccio/node-api";
  // or
-  import { runServer } from 'verdaccio';
+  import { runServer } from "verdaccio";

  const app = await runServer(); // default configuration
-  const app = await runServer('./config/config.yaml');
+  const app = await runServer("./config/config.yaml");
  const app = await runServer({ configuration });
  app.listen(4000, (event) => {
    // do something
@@ -552,14 +576,14 @@
 - 5c5057fc: feat: node api new structure based on promise

  ```js
-  import { runServer } from '@verdaccio/node-api';
+  import { runServer } from "@verdaccio/node-api";
  // or
-  import { runServer } from 'verdaccio';
+  import { runServer } from "verdaccio";

  const app = await runServer(); // default configuration
-  const app = await runServer('./config/config.yaml');
+  const app = await runServer("./config/config.yaml");
  const app = await runServer({ configuration });
-  app.listen(4000, event => {
+  app.listen(4000, (event) => {
    // do something
  });
  ```
--- a/packages/logger/logger/package.json
+++ b/packages/logger/logger/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@verdaccio/logger",
-  "version": "7.0.0-next.4",
+  "version": "7.0.0-next-7.8",
  "description": "logger",
  "main": "./build/index.js",
  "types": "./build/index.d.ts",
@@ -38,11 +38,11 @@
    "build": "pnpm run build:js && pnpm run build:types"
  },
  "dependencies": {
-    "@verdaccio/logger-commons": "workspace:7.0.0-next.4",
-    "pino": "8.14.1"
+    "@verdaccio/logger-commons": "workspace:7.0.0-next-7.8",
+    "pino": "8.17.2"
  },
  "devDependencies": {
-    "@verdaccio/types": "workspace:12.0.0-next.1"
+    "@verdaccio/types": "workspace:12.0.0-next.2"
  },
  "funding": {
    "type": "opencollective",
--- a/Show More
+++ b/Show More