chore: update versions (6-next) (#2456)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.babelrc

@@ -1,3 +1,26 @@
 {
-  "presets": [["@verdaccio", {"typescript": true}]]
+  "presets": [ [
+    "@babel/env",
+    {
+      "useBuiltIns": "usage",
+      "corejs": {
+        "version": 3, "proposals": true
+      },
+      "targets": {
+        "node": 14
+      }
+    }
+  ],
+    "@babel/typescript"
+  ],
+  "plugins": [
+    "babel-plugin-dynamic-import-node",
+    "@babel/proposal-class-properties",
+    "@babel/proposal-object-rest-spread",
+    "@babel/plugin-proposal-optional-chaining",
+    "@babel/plugin-proposal-nullish-coalescing-operator"
+    ],
+  "ignore": [
+    "**/*.d.ts"
+  ]
 }

.changeset/README.md

@@ -0,0 +1,8 @@
+# Changesets
+
+Hello and welcome! This folder has been automatically generated by `@changesets/cli`, a build tool that works
+with multi-package repos, or single-package repos to help you version and publish your code. You can
+find the full documentation for it [in our repository](https://github.com/changesets/changesets)
+
+We have a quick list of common questions to get you started engaging with this project in
+[our documentation](https://github.com/changesets/changesets/blob/master/docs/common-questions.md)

.changeset/afraid-mice-obey.md

@@ -0,0 +1,15 @@
+---
+'@verdaccio/types': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/web': minor
+---
+
+allow disable login on ui and endpoints
+
+To be able disable the login, set `login: false`, anything else would enable login. This flag will disable access via UI and web endpoints.
+
+```yml
+web:
+  title: verdaccio
+  login: false
+```

.changeset/big-lobsters-sin.md

@@ -0,0 +1,23 @@
+---
+'@verdaccio/local-storage': major
+'@verdaccio/url': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-memory': major
+'@verdaccio/store': major
+---
+
+# async storage plugin bootstrap
+
+Gives a storage plugin the ability to perform asynchronous tasks on initialization
+
+## Breaking change
+
+Plugin must have an init method in which asynchronous tasks can be executed
+
+```js
+public async init(): Promise<void> {
+   this.data = await this._fetchLocalPackages();
+   this._sync();
+}
+```

.changeset/calm-pants-impress.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-aws-s3-storage': patch
+---
+
+Fix the prefix used to delete from s3 when unpublishing packages

.changeset/config.json

@@ -0,0 +1,10 @@
+{
+  "$schema": "https://unpkg.com/@changesets/config@1.3.0/schema.json",
+  "changelog": "@changesets/cli/changelog",
+  "commit": false,
+  "linked": [],
+  "access": "public",
+  "baseBranch": "master",
+  "updateInternalDependencies": "patch",
+  "ignore": []
+}

.changeset/dry-planes-tap.md

@@ -0,0 +1,59 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/commons-api': major
+'@verdaccio/core': major
+'@verdaccio/local-storage': major
+'@verdaccio/fastify-migration': major
+'@verdaccio/streams': major
+'@verdaccio/types': major
+'@verdaccio/hooks': major
+'verdaccio-audit': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/proxy': major
+'@verdaccio/server': major
+'@verdaccio/store': major
+'@verdaccio/eslint-config': major
+'@verdaccio/dev-types': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+refactor: search v1 endpoint and local-database
+
+- refactor search `api v1` endpoint, improve performance
+- remove usage of `async` dependency https://github.com/verdaccio/verdaccio/issues/1225
+- refactor method storage class
+- create new module `core` to reduce the ammount of modules with utilities
+- use `undici` instead `node-fetch`
+- use `fastify` instead `express` for functional test
+
+### Breaking changes
+
+- plugin storage API changes
+- remove old search endpoint (return 404)
+- filter local private packages at plugin level
+
+The storage api changes for methods `get`, `add`, `remove` as promise base. The `search` methods also changes and recieves a `query` object that contains all query params from the client.
+
+```ts
+export interface IPluginStorage<T> extends IPlugin {
+  add(name: string): Promise<void>;
+  remove(name: string): Promise<void>;
+  get(): Promise<any>;
+  init(): Promise<void>;
+  getSecret(): Promise<string>;
+  setSecret(secret: string): Promise<any>;
+  getPackageStorage(packageInfo: string): IPackageStorage;
+  search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
+  saveToken(token: Token): Promise<any>;
+  deleteToken(user: string, tokenKey: string): Promise<any>;
+  readTokens(filter: TokenFilter): Promise<Token[]>;
+}
+```

.changeset/eleven-spoons-matter.md

@@ -0,0 +1,39 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/core': major
+'@verdaccio/file-locking': major
+'verdaccio-htpasswd': major
+'@verdaccio/readme': major
+'@verdaccio/fastify-migration': major
+'@verdaccio/streams': major
+'@verdaccio/tarball': major
+'@verdaccio/types': major
+'@verdaccio/url': major
+'@verdaccio/hooks': major
+'@verdaccio/loaders': major
+'@verdaccio/logger': major
+'@verdaccio/middleware': major
+'@verdaccio/mock': major
+'@verdaccio/node-api': major
+'@verdaccio/active-directory': major
+'verdaccio-audit': major
+'verdaccio-auth-memory': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-memory': major
+'@verdaccio/ui-theme': major
+'@verdaccio/server': major
+'@verdaccio/cli-standalone': major
+'@verdaccio/store': major
+'@verdaccio/dev-types': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+Remove Node 12 support
+
+- We need move to the new `undici` and does not support Node.js 12

.changeset/few-cooks-destroy.md

@@ -0,0 +1,46 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/commons-api': major
+'@verdaccio/file-locking': major
+'verdaccio-htpasswd': major
+'@verdaccio/local-storage': major
+'@verdaccio/readme': major
+'@verdaccio/streams': major
+'@verdaccio/types': major
+'@verdaccio/hooks': major
+'@verdaccio/loaders': major
+'@verdaccio/logger': major
+'@verdaccio/logger-prettify': major
+'@verdaccio/middleware': major
+'@verdaccio/mock': major
+'@verdaccio/node-api': major
+'@verdaccio/active-directory': major
+'verdaccio-audit': major
+'verdaccio-auth-memory': major
+'verdaccio-aws-s3-storage': major
+'verdaccio-google-cloud': major
+'verdaccio-memory': major
+'@verdaccio/proxy': major
+'@verdaccio/server': major
+'@verdaccio/store': major
+'@verdaccio/dev-types': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+'@verdaccio/website': major
+---
+
+feat!: experiments config renamed to flags
+
+- The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
+
+```js
+flags: token: false;
+search: false;
+```
+
+- The `self_path` property from the config file is being removed in favor of `config_file` full path.
+- Refactor `config` module, better types and utilities

.changeset/few-mangos-grow.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': minor
+---
+
+upgrade to react@17 and other dependencies

.changeset/fifty-jars-rest.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/middleware': patch
+'@verdaccio/web': patch
+---
+
+Remove @ts-ignore and any in packages/web/src/endpoint/package.ts

.changeset/fuzzy-onions-draw.md

@@ -0,0 +1,10 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/fastify-migration': minor
+'@verdaccio/hooks': minor
+'@verdaccio/logger-prettify': minor
+'@verdaccio/proxy': minor
+'@verdaccio/store': minor
+---
+
+abort search request support for proxy

.changeset/gentle-parrots-lay.md

@@ -0,0 +1,11 @@
+---
+'@verdaccio/config': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/e2e-ui': minor
+---
+
+Some verdaccio modules depend on 'mkdirp' library which provides recursive directory creation functionality.
+NodeJS can do this out of the box since v.10.12. The last commit in 'mkdirp' was made in early 2016, and it's mid 2021 now.
+Time to stick with a built-in library solution!
+
+- All 'mkdirp' calls are replaced with appropriate 'fs' calls.

.changeset/gentle-trains-switch.md

@@ -0,0 +1,44 @@
+---
+'@verdaccio/api': major
+'@verdaccio/auth': major
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/commons-api': major
+'@verdaccio/file-locking': major
+'verdaccio-htpasswd': major
+'@verdaccio/local-storage': major
+'@verdaccio/readme': major
+'@verdaccio/streams': major
+'@verdaccio/types': major
+'@verdaccio/hooks': major
+'@verdaccio/loaders': major
+'@verdaccio/logger': major
+'@verdaccio/logger-prettify': major
+'@verdaccio/middleware': major
+'@verdaccio/mock': major
+'@verdaccio/node-api': major
+'@verdaccio/proxy': major
+'@verdaccio/server': major
+'@verdaccio/store': major
+'@verdaccio/dev-types': major
+'@verdaccio/utils': major
+'verdaccio': major
+'@verdaccio/web': major
+---
+
+- Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv
+- Introduce environment variables for legacy tokens
+
+### Code Improvements
+
+- Add debug library for improve developer experience
+
+### Breaking change
+
+- The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
+- The secret key must have 32 characters long.
+
+### New environment variables
+
+- `VERDACCIO_LEGACY_ALGORITHM`: Allows to define the specific algorithm for the token signature which by default is `aes-256-ctr`
+- `VERDACCIO_LEGACY_ENCRYPTION_KEY`: By default, the token stores in the database, but using this variable allows to get it from memory

.changeset/gold-vans-tease.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/utils': patch
+---
+
+Fixed the validation of the name when searching for a tarball that have scoped package name

.changeset/healthy-bikes-behave.md

@@ -0,0 +1,21 @@
+---
+'@verdaccio/cli': patch
+'@verdaccio/types': patch
+'@verdaccio/node-api': patch
+'@verdaccio/server': patch
+---
+
+fix: restore logger on init
+
+Enable logger after parse configuration and log the very first step on startup phase.
+
+```bash
+ warn --- experiments are enabled, it is recommended do not use experiments in production comment out this section to disable it
+ info --- support for experiment [token]  is disabled
+ info --- support for experiment [search]  is disabled
+(node:50831) Warning: config.logs is deprecated, rename configuration to "config.log"
+(Use `node --trace-warnings ...` to show where the warning was created)
+ info --- http address http://localhost:4873/
+ info --- version: 6.0.0-6-next.11
+ info --- server started
+```

.changeset/healthy-poets-compare.md

@@ -0,0 +1,11 @@
+---
+'@verdaccio/config': patch
+---
+
+Feature
+
+- add option to set storage from environment variable VERDACCIO_STORAGE_PATH
+
+#### Related tickets
+
+https://github.com/verdaccio/verdaccio/issues/1681

.changeset/heavy-ravens-lay.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/cli': minor
+'@verdaccio/fastify-migration': minor
+---
+
+[Fastify] Add ping endpoint

.changeset/hip-hounds-destroy.md

@@ -0,0 +1,39 @@
+---
+'@verdaccio/local-storage': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/server': patch
+'@verdaccio/api': patch
+'@verdaccio/auth': patch
+'@verdaccio/cli': patch
+'@verdaccio/config': patch
+'@verdaccio/commons-api': patch
+'@verdaccio/file-locking': patch
+'verdaccio-htpasswd': patch
+'@verdaccio/readme': patch
+'@verdaccio/streams': patch
+'@verdaccio/types': patch
+'@verdaccio/hooks': patch
+'@verdaccio/loaders': patch
+'@verdaccio/logger': patch
+'@verdaccio/logger-prettify': patch
+'@verdaccio/middleware': patch
+'@verdaccio/mock': patch
+'@verdaccio/node-api': patch
+'@verdaccio/active-directory': patch
+'verdaccio-audit': patch
+'verdaccio-auth-memory': patch
+'verdaccio-aws-s3-storage': patch
+'verdaccio-google-cloud': patch
+'verdaccio-memory': patch
+'@verdaccio/proxy': patch
+'@verdaccio/store': patch
+'@verdaccio/dev-types': patch
+'@verdaccio/utils': patch
+'verdaccio': patch
+'@verdaccio/web': patch
+'@verdaccio/e2e-cli': patch
+'@verdaccio/e2e-ui': patch
+'@verdaccio/website': patch
+---
+
+chore: add release step to private regisry on merge changeset pr

.changeset/late-adults-love.md

@@ -0,0 +1,20 @@
+---
+'@verdaccio/api': minor
+'verdaccio-htpasswd': minor
+'@verdaccio/local-storage': minor
+---
+
+feat: remove level dependency by lowdb for npm token cli as storage
+
+### new npm token database
+
+There will be a new database located in your storage named `.token-db.json` which
+will store all references to created tokens, **it does not store tokens**, just
+mask of them and related metadata required to reference them.
+
+#### Breaking change
+
+If you were relying on `npm token` experiment. This PR will replace the
+used database (level) by a json plain based one (lowbd) which does not
+require Node.js C++ compilation step and has less dependencies. Since was
+a experiment there is no migration step.

.changeset/late-parents-act.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/hooks': patch
+'@verdaccio/proxy': patch
+---
+
+refactor: migrate request to node-fetch at hooks package

.changeset/little-stingrays-rule.md

@@ -0,0 +1,5 @@
+---
+'verdaccio-audit': patch
+---
+
+fix: several issues which caused the audit to fail (#2335)

.changeset/many-vans-care.md

@@ -0,0 +1,16 @@
+---
+'@verdaccio/tarball': patch
+'@verdaccio/mock': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/server': patch
+'@verdaccio/utils': patch
+'verdaccio': patch
+---
+
+Bug Fixes
+
+- fix escaped slash in namespaced packages
+
+#### Related tickets
+
+https://github.com/verdaccio/verdaccio/pull/2193

.changeset/modern-spies-tell.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/ui-theme': minor
+'verdaccio': minor
+---
+
+feat: ui theme plugin part of the application

.changeset/neat-toes-report.md

@@ -0,0 +1,51 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/cli': minor
+'@verdaccio/config': minor
+'@verdaccio/commons-api': minor
+'@verdaccio/file-locking': minor
+'verdaccio-htpasswd': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/readme': minor
+'@verdaccio/streams': minor
+'@verdaccio/types': minor
+'@verdaccio/hooks': minor
+'@verdaccio/loaders': minor
+'@verdaccio/logger': minor
+'@verdaccio/logger-prettify': minor
+'@verdaccio/middleware': minor
+'@verdaccio/mock': minor
+'@verdaccio/node-api': minor
+'@verdaccio/active-directory': minor
+'verdaccio-audit': minor
+'verdaccio-auth-memory': minor
+'verdaccio-aws-s3-storage': minor
+'verdaccio-google-cloud': minor
+'verdaccio-memory': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/store': minor
+'@verdaccio/dev-types': minor
+'@verdaccio/utils': minor
+'verdaccio': minor
+'@verdaccio/web': minor
+---
+
+feat: add server rate limit protection to all request
+
+To modify custom values, use the server settings property.
+
+```markdown
+server:
+
+## https://www.npmjs.com/package/express-rate-limit#configuration-options
+
+rateLimit:
+windowMs: 1000
+max: 10000
+```
+
+The values are intended to be high, if you want to improve security of your server consider
+using different values.

.changeset/olive-candles-speak.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/ui-theme': minor
+---
+
+feat: integrate rematch for ui state storage

.changeset/perfect-candles-clap.md

@@ -0,0 +1,35 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/cli': minor
+'@verdaccio/config': minor
+'@verdaccio/core': minor
+'verdaccio-htpasswd': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/fastify-migration': minor
+'@verdaccio/tarball': minor
+'@verdaccio/types': minor
+'@verdaccio/url': minor
+'@verdaccio/hooks': minor
+'@verdaccio/loaders': minor
+'@verdaccio/logger': minor
+'@verdaccio/middleware': minor
+'@verdaccio/mock': minor
+'@verdaccio/node-api': minor
+'@verdaccio/active-directory': minor
+'verdaccio-auth-memory': minor
+'verdaccio-aws-s3-storage': minor
+'verdaccio-google-cloud': minor
+'verdaccio-memory': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/cli-standalone': minor
+'@verdaccio/store': minor
+'@verdaccio/utils': minor
+'verdaccio': minor
+'@verdaccio/web': minor
+'@verdaccio/e2e-ui': minor
+---
+
+refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications

.changeset/perfect-emus-clean.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/cli': major
+---
+
+feat: node 14 as minimum for running cli

.changeset/perfect-kangaroos-agree.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/cli': major
+---
+
+feat: use clipanion over commander

.changeset/plenty-news-remember.md

@@ -0,0 +1,30 @@
+---
+'@verdaccio/auth': major
+'verdaccio-htpasswd': major
+'verdaccio-audit': major
+'@verdaccio/server': major
+'@verdaccio/cli-standalone': major
+---
+
+feat: standalone registry with no dependencies
+
+## Usage
+
+To install a server with no dependencies
+
+```bash
+npm install -g @verdaccio/standalone
+```
+
+with no internet required
+
+```bash
+npm install -g ./tarball.tar.gz
+```
+
+Bundles htpasswd and audit plugins.
+
+### Breaking Change
+
+It does not allow anymore the `auth` and `middleware` property at config file empty,
+it will fallback to those plugins by default.

.changeset/plenty-spiders-melt.md

@@ -0,0 +1,36 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/auth': minor
+'@verdaccio/cli': minor
+'@verdaccio/config': minor
+'@verdaccio/commons-api': minor
+'@verdaccio/file-locking': minor
+'verdaccio-htpasswd': minor
+'@verdaccio/local-storage': minor
+'@verdaccio/readme': minor
+'@verdaccio/streams': minor
+'@verdaccio/types': minor
+'@verdaccio/hooks': minor
+'@verdaccio/loaders': minor
+'@verdaccio/logger': minor
+'@verdaccio/logger-prettify': minor
+'@verdaccio/middleware': minor
+'@verdaccio/mock': minor
+'@verdaccio/node-api': minor
+'@verdaccio/proxy': minor
+'@verdaccio/server': minor
+'@verdaccio/store': minor
+'@verdaccio/dev-types': minor
+'@verdaccio/utils': minor
+'verdaccio': minor
+'@verdaccio/web': minor
+'@verdaccio/website': minor
+---
+
+feat: add typescript project references settings
+
+Reading https://ebaytech.berlin/optimizing-multi-package-apps-with-typescript-project-references-d5c57a3b4440 I realized I can use project references to solve the issue to pre-compile modules on develop mode.
+
+It allows to navigate (IDE) trough the packages without need compile the packages.
+
+Add two `tsconfig`, one using the previous existing configuration that is able to produce declaration files (`tsconfig.build`) and a new one `tsconfig` which is enables [_projects references_](https://www.typescriptlang.org/docs/handbook/project-references.html).

.changeset/plenty-tables-refuse.md

@@ -0,0 +1,6 @@
+---
+'@verdaccio/cli': minor
+'@verdaccio/node-api': minor
+---
+
+feat: improve cli loggin on start up

.changeset/pre.json

@@ -0,0 +1,90 @@
+{
+  "mode": "pre",
+  "tag": "6-next",
+  "initialVersions": {
+    "@verdaccio/api": "6.0.0-alpha.0",
+    "@verdaccio/auth": "6.0.0-alpha.0",
+    "@verdaccio/cli": "6.0.0-alpha.0",
+    "@verdaccio/config": "6.0.0-alpha.0",
+    "@verdaccio/file-locking": "11.0.0-alpha.0",
+    "verdaccio-htpasswd": "11.0.0-alpha.0",
+    "@verdaccio/local-storage": "11.0.0-alpha.0",
+    "@verdaccio/readme": "11.0.0-alpha.0",
+    "@verdaccio/streams": "11.0.0-alpha.0",
+    "@verdaccio/types": "11.0.0-alpha.0",
+    "@verdaccio/hooks": "6.0.0-alpha.0",
+    "@verdaccio/loaders": "6.0.0-alpha.0",
+    "@verdaccio/logger": "6.0.0-alpha.0",
+    "@verdaccio/logger-prettify": "6.0.0-alpha.0",
+    "@verdaccio/middleware": "6.0.0-alpha.0",
+    "@verdaccio/mock": "6.0.0-alpha.0",
+    "@verdaccio/node-api": "6.0.0-alpha.0",
+    "@verdaccio/proxy": "6.0.0-alpha.0",
+    "@verdaccio/server": "6.0.0-alpha.0",
+    "@verdaccio/store": "6.0.0-alpha.0",
+    "@verdaccio/dev-types": "6.0.0-alpha.0",
+    "@verdaccio/utils": "6.0.0-alpha.0",
+    "verdaccio": "6.0.0-alpha.0",
+    "@verdaccio/web": "6.0.0-alpha.0",
+    "@verdaccio/active-directory": "11.0.0-alpha.0",
+    "verdaccio-audit": "11.0.0-alpha.0",
+    "verdaccio-auth-memory": "11.0.0-alpha.0",
+    "verdaccio-aws-s3-storage": "11.0.0-alpha.0",
+    "verdaccio-google-cloud": "11.0.0-alpha.0",
+    "verdaccio-memory": "11.0.0-alpha.0",
+    "@verdaccio/ui-theme": "6.0.0-alpha.1",
+    "@verdaccio/e2e-cli": "1.0.0",
+    "@verdaccio/e2e-ui": "1.0.0",
+    "@verdaccio/cli-standalone": "6.0.0-alpha.3",
+    "@verdaccio/tarball": "11.0.0-alpha.3",
+    "@verdaccio/url": "11.0.0-alpha.3",
+    "@verdaccio/fastify-migration": "6.0.0-6-next.9",
+    "@verdaccio/eslint-config": "1.0.0",
+    "@verdaccio/benchmark": "1.0.0",
+    "@verdaccio/website": "5.1.3",
+    "@verdaccio/core": "6.0.0-next.0",
+    "@verdaccio/helper": "1.0.0"
+  },
+  "changesets": [
+    "afraid-mice-obey",
+    "big-lobsters-sin",
+    "calm-pants-impress",
+    "dry-planes-tap",
+    "eleven-spoons-matter",
+    "few-cooks-destroy",
+    "few-mangos-grow",
+    "fifty-jars-rest",
+    "fuzzy-onions-draw",
+    "gentle-parrots-lay",
+    "gentle-trains-switch",
+    "gold-vans-tease",
+    "healthy-bikes-behave",
+    "healthy-poets-compare",
+    "heavy-ravens-lay",
+    "hip-hounds-destroy",
+    "late-adults-love",
+    "late-parents-act",
+    "little-stingrays-rule",
+    "many-vans-care",
+    "modern-spies-tell",
+    "neat-toes-report",
+    "olive-candles-speak",
+    "perfect-candles-clap",
+    "perfect-emus-clean",
+    "perfect-kangaroos-agree",
+    "plenty-news-remember",
+    "plenty-spiders-melt",
+    "plenty-tables-refuse",
+    "pretty-hounds-tap",
+    "proud-jeans-walk",
+    "red-chefs-float",
+    "shaggy-carrots-unite",
+    "shiny-chefs-heal",
+    "smart-apricots-kneel",
+    "spicy-frogs-press",
+    "tender-bags-call",
+    "three-pots-sit",
+    "two-dolls-check",
+    "wild-jokes-beam"
+  ]
+}

.changeset/pretty-hounds-tap.md

@@ -0,0 +1,29 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/auth': patch
+'@verdaccio/cli': patch
+'@verdaccio/config': patch
+'@verdaccio/commons-api': patch
+'@verdaccio/file-locking': patch
+'verdaccio-htpasswd': patch
+'@verdaccio/local-storage': patch
+'@verdaccio/readme': patch
+'@verdaccio/streams': patch
+'@verdaccio/types': patch
+'@verdaccio/hooks': patch
+'@verdaccio/loaders': patch
+'@verdaccio/logger': patch
+'@verdaccio/logger-prettify': patch
+'@verdaccio/middleware': patch
+'@verdaccio/mock': patch
+'@verdaccio/node-api': patch
+'@verdaccio/proxy': patch
+'@verdaccio/server': patch
+'@verdaccio/store': patch
+'@verdaccio/dev-types': patch
+'@verdaccio/utils': patch
+'verdaccio': patch
+'@verdaccio/web': patch
+---
+
+Enable prerelease mode with **changesets**

.changeset/proud-jeans-walk.md

@@ -0,0 +1,10 @@
+---
+'verdaccio-htpasswd': patch
+'@verdaccio/local-storage': patch
+'@verdaccio/fastify-migration': patch
+'@verdaccio/hooks': patch
+'@verdaccio/mock': patch
+'@verdaccio/node-api': patch
+---
+
+Added core-js missing from dependencies though referenced in .js sources

.changeset/red-chefs-float.md

@@ -0,0 +1,11 @@
+---
+'@verdaccio/store': patch
+'@verdaccio/web': patch
+---
+
+Fix the search by exact name of the package
+
+Full package name queries was not finding anithing. It was happening
+becouse of stemmer of [lunr.js](https://lunrjs.com/).
+
+To fix this, the stemmer of [lunr.js](https://lunrjs.com/) was removed from search pipeline.

.changeset/shaggy-carrots-unite.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/logger': patch
+---
+
+do not show deprecation warning on default logger config

.changeset/shiny-chefs-heal.md

@@ -0,0 +1,5 @@
+---
+'@verdaccio/api': patch
+---
+
+testing changesets

.changeset/smart-apricots-kneel.md

@@ -0,0 +1,79 @@
+---
+'@verdaccio/ui-theme': major
+'@verdaccio/cli-standalone': major
+'@verdaccio/web': major
+---
+
+feat: flexible user interface generator
+
+**breaking change**
+
+The UI does not provide a pre-generated `index.html`, instead the server generates
+the body of the web application based in few parameters:
+
+- Webpack manifest
+- User configuration details
+
+It allows inject html tags, javascript and new CSS to make the page even more flexible.
+
+### Web new properties for dynamic template
+
+The new set of properties are made in order allow inject _html_ and _JavaScript_ scripts within the template. This
+might be useful for scenarios like Google Analytics scripts or custom html in any part of the body.
+
+- metaScripts: html injected before close the `head` element.
+- scriptsBodyAfter: html injected before close the `body` element.
+- bodyAfter: html injected after _verdaccio_ JS scripts.
+
+```yaml
+web:
+  scriptsBodyAfter:
+    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
+  metaScripts:
+    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
+    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
+    - '<meta name="robots" content="noindex" />'
+  bodyBefore:
+    - '<div id="myId">html before webpack scripts</div>'
+  bodyAfter:
+    - '<div id="myId">html after webpack scripts</div>'
+```
+
+### UI plugin changes
+
+- `index.html` is not longer used, template is generated based on `manifest.json` generated by webpack.
+- Plugin must export:
+  - the manifest file.
+  - the manifest files: matcher (array of id that generates required scripts to run the ui)
+  - static path: The absolute path where the files are located in `node_modules`
+
+```
+exports.staticPath = path.join(__dirname, 'static');
+exports.manifest = require('./static/manifest.json');
+exports.manifestFiles = {
+  js: ['runtime.js', 'vendors.js', 'main.js'],
+  css: [],
+  ico: 'favicon.ico',
+};
+```
+
+- Remove font files
+- CSS is inline on JS (this will help with #2046)
+
+### Docker v5 Examples
+
+- Move all current examples to v4 folder
+- Remove any v3 example
+- Create v5 folder with Nginx Example
+
+#### Related tickets
+
+https://github.com/verdaccio/verdaccio/issues/1523
+https://github.com/verdaccio/verdaccio/issues/1297
+https://github.com/verdaccio/verdaccio/issues/1593
+https://github.com/verdaccio/verdaccio/discussions/1539
+https://github.com/verdaccio/website/issues/264
+https://github.com/verdaccio/verdaccio/issues/1565
+https://github.com/verdaccio/verdaccio/issues/1251
+https://github.com/verdaccio/verdaccio/issues/2029
+https://github.com/verdaccio/docker-examples/issues/29

.changeset/spicy-frogs-press.md

@@ -0,0 +1,32 @@
+---
+'verdaccio-htpasswd': major
+---
+
+feat: allow other password hashing algorithms (#1917)
+
+**breaking change**
+
+The current implementation of the `htpasswd` module supports multiple hash formats on verify, but only `crypt` on sign in.
+`crypt` is an insecure old format, so to improve the security of the new `verdaccio` release we introduce the support of multiple hash algorithms on sign in step.
+
+### New hashing algorithms
+
+The new possible hash algorithms to use are `bcrypt`, `md5`, `sha1`. `bcrypt` is chosen as a default, because of its customizable complexity and overall reliability. You can read more about them [here](https://httpd.apache.org/docs/2.4/misc/password_encryptions.html).
+
+Two new properties are added to `auth` section in the configuration file:
+
+- `algorithm` to choose the way you want to hash passwords.
+- `rounds` is used to determine `bcrypt` complexity. So one can improve security according to increasing computational power.
+
+Example of the new `auth` config file section:
+
+```yaml
+auth:
+htpasswd:
+  file: ./htpasswd
+  max_users: 1000
+  # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
+  algorithm: bcrypt
+  # Rounds number for "bcrypt", will be ignored for other algorithms.
+  rounds: 10
+```

.changeset/tender-bags-call.md

@@ -0,0 +1,9 @@
+---
+'@verdaccio/logger': major
+---
+
+logging prettifier only in development mode
+
+- Verdaccio prettify `@verdaccio/logger-prettify` the logging which looks beautiful. But there are scenarios which does not make sense in production. This feature enables disable by default the prettifies if production `NODE_ENV` is enabled.
+- Updates pino.js to `^6.7.0`.
+- Suppress the warning when prettifier is enabled `suppressFlushSyncWarning`

.changeset/three-pots-sit.md

@@ -0,0 +1,33 @@
+---
+'@verdaccio/api': patch
+'@verdaccio/auth': patch
+'@verdaccio/cli': patch
+'@verdaccio/config': patch
+'@verdaccio/commons-api': patch
+'@verdaccio/file-locking': patch
+'verdaccio-htpasswd': patch
+'@verdaccio/local-storage': patch
+'@verdaccio/readme': patch
+'@verdaccio/types': patch
+'@verdaccio/hooks': patch
+'@verdaccio/loaders': patch
+'@verdaccio/logger': patch
+'@verdaccio/logger-prettify': patch
+'@verdaccio/middleware': patch
+'@verdaccio/mock': patch
+'@verdaccio/node-api': patch
+'@verdaccio/proxy': patch
+'@verdaccio/server': patch
+'@verdaccio/store': patch
+'@verdaccio/dev-types': patch
+'@verdaccio/utils': patch
+'verdaccio': patch
+---
+
+ESLint Warnings Fixed
+
+Related to issue #1461
+
+- max-len: most of the sensible max-len errors are fixed
+- no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
+- @typescript-eslint/no-unused-vars: same as above

.changeset/two-dolls-check.md

@@ -0,0 +1,28 @@
+---
+'@verdaccio/cli': major
+'@verdaccio/config': major
+'@verdaccio/types': major
+'@verdaccio/logger': major
+'@verdaccio/node-api': major
+'verdaccio-google-cloud': major
+'verdaccio': major
+---
+
+feat: node api new structure based on promise
+
+```js
+import { runServer } from '@verdaccio/node-api';
+// or
+import { runServer } from 'verdaccio';
+
+const app = await runServer(); // default configuration
+const app = await runServer('./config/config.yaml');
+const app = await runServer({ configuration });
+app.listen(4000, (event) => {
+  // do something
+});
+```
+
+### Breaking Change
+
+If you are using the node-api, the new structure is Promise based and less arguments.

.changeset/wild-jokes-beam.md

@@ -0,0 +1,32 @@
+---
+'@verdaccio/types': minor
+'@verdaccio/ui-theme': minor
+'@verdaccio/web': minor
+---
+
+web: allow ui hide package managers on sidebar
+
+If there is a package manager of preference over others, you can define the package managers to be displayed on the detail page and sidebar, just define in the `config.yaml` and web section the list of package managers to be displayed.
+
+```
+web:
+  title: Verdaccio
+  sort_packages: asc
+  primary_color: #cccccc
+  pkgManagers:
+    - pnpm
+    - yarn
+    # - npm
+```
+
+To disable all package managers, just define empty:
+
+```
+web:
+  title: Verdaccio
+  sort_packages: asc
+  primary_color: #cccccc
+  pkgManagers:
+```
+
+and the section would be hidden.

.circleci/config.yml

@@ -1,177 +0,0 @@
-version: 2
-
-aliases:
-  - &defaults
-    working_directory: ~/verdaccio
-  - &node8_executor
-    docker:
-      - image: circleci/node:8
-  - &node12_browser_executor
-    docker:
-      - image: circleci/node:12-browsers
-  - &node10_executor
-    docker:
-      - image: circleci/node:10
-  - &node11_executor
-    docker:
-    - image: circleci/node:11
-  - &node12_executor
-    docker:
-    - image: circleci/node:12
-  - &default_executor
-    <<: *node12_executor
-  - &repo_key
-    repo-{{ .Branch }}-{{ .Revision }}
-  - &coverage_key
-    coverage-{{ .Branch }}-{{ .Revision }}
-  - &base_config_key
-    base-config-{{ .Branch }}-{{ .Revision }}
-  - &yarn_cache_key
-    yarn-sha-{{ checksum "yarn.lock" }}
-  - &restore_repo
-    attach_workspace:
-      at: ~/verdaccio
-  - &ignore_non_dev_branches
-    filters:
-      tags:
-        only: /.*/
-      branches:
-        ignore:
-          - gh-pages
-          - l10n_master
-          - /release\/.*/
-
-jobs:
-  prepare:
-    <<: *defaults
-    <<: *default_executor
-    steps:
-      - checkout
-      - restore_cache:
-          key: *base_config_key
-      - restore_cache:
-          key: *yarn_cache_key
-      - run:
-          name: Install Js dependencies
-          command: yarn install --no-progress --registry https://registry.verdaccio.org
-      - run:
-          name: Prepare CI
-          command:  yarn run pre:ci
-      - run:
-          name: Build project
-          command: yarn run code:build
-      - save_cache:
-          key: *yarn_cache_key
-          paths:
-            - ~/.yarn
-            - ~/.cache/yarn
-            - node_modules
-      - persist_to_workspace:
-          root: ~/verdaccio
-          paths:
-            - ./*
-
-  test_node8:
-    <<: *defaults
-    <<: *node8_executor
-    steps:
-      - *restore_repo
-      - run:
-          name: Test with Node 8
-          command: |
-            yarn test
-            yarn test:functional  
-  test_node10:
-    <<: *defaults
-    <<: *node10_executor
-    steps:
-      - *restore_repo
-      - run:
-          name: Test with Node 10
-          command: |
-            yarn run test
-            yarn test:functional
-
-  test_node11:
-    <<: *defaults
-    <<: *node11_executor
-    steps:
-    - *restore_repo
-    - run:
-        name: Test with Node 11
-        command: |
-          yarn run test
-          yarn test:functional
-
-  test_node12:
-    <<: *defaults
-    <<: *node12_executor
-    steps:
-    - *restore_repo
-    - run:
-        name: Test with Node 12
-        command: |
-          yarn run test
-          yarn test:functional
-
-  test_e2e:
-    <<: *defaults
-    <<: *node12_browser_executor
-    steps:
-      - *restore_repo
-      - run:
-          name: Test End-to-End
-          command: yarn run test:e2e
-  coverage:
-    <<: *defaults
-    <<: *default_executor
-    steps:
-      - *restore_repo
-      - restore_cache:
-          key: *coverage_key
-      - run:
-          name: Publish coverage
-          command: yarn run coverage:publish
-      - store_artifacts:
-          path: coverage/clover.xml
-          prefix: tests
-      - store_artifacts:
-          path: coverage
-          prefix: coverage
-      - store_test_results:
-          path: coverage/clover.xml
-
-workflows:
-  version: 2
-  workflow:
-    jobs:
-      - prepare:
-          <<: *ignore_non_dev_branches
-      - test_node8:
-          requires:
-            - prepare
-          <<: *ignore_non_dev_branches
-      - test_node10:
-          requires:
-            - prepare
-          <<: *ignore_non_dev_branches
-      - test_node11:
-          requires:
-          - prepare
-          <<: *ignore_non_dev_branches
-      - test_node12:
-          requires:
-          - prepare
-          <<: *ignore_non_dev_branches
-      - test_e2e:
-          requires:
-            - prepare
-          <<: *ignore_non_dev_branches
-      - coverage:
-          requires:
-            - test_node8
-            - test_node10
-            - test_node11
-            - test_node12
-            - test_e2e
-          <<: *ignore_non_dev_branches

.dockerignore

@@ -10,15 +10,20 @@
 # e.g.
 !.babelrc
 !.eslintrc
-!.prettierrc
+!.prettierrc.json
+!.prettierignore
 !.eslintignore
 !.stylelintrc
-!.flowconfig
-!.jest.config.js
-!.jestEnvironment.js
 
-# do not copy over node_modules we will run `npm install` anyway
+# do not copy over node_modules we will run `pnpm install` anyway
 node_modules
+website
+jest
+docs
+contrib
+docker-examples
+website
+systemd
 
 # output from test runs and similar things
 *.log

.editorconfig

@@ -7,6 +7,7 @@ end_of_line = lf
 insert_final_newline = true
 
 # 2 space indentation
-[{.,}*.{js,jsx,yml,yaml}]
+[{.,}*.{ts,tsx,js,jsx,yml,yaml}]
 indent_style = space
 indent_size = 2
+quote_type = single

.eslintignore

@@ -1,19 +1,13 @@
-node_modules
-coverage/
-wiki/
-static/
-flow-typed/
-website/
+**/fixtures/**
+**/mock/store/**
+**/partials/**
+**/types/custom.d.ts
 build/
-*.md
-*.lock
-*.yaml
-Dockerfile
-*.rpi
-*.html
-*.scss
-*.png
-*.jpg
-*.sh
-test/unit/partials/
-types/custom.d.ts
+coverage/
+node_modules/
+static/
+website/
+wiki/
+dist/
+docs/
+test/functional/store/*

.eslintrc

@@ -1,13 +0,0 @@
-{
-  "extends": [
-    "@verdaccio"
-  ],
-  "rules": {
-    "@typescript-eslint/no-var-requires": ["warn"],
-    "@typescript-eslint/no-use-before-define": 0,
-    "@typescript-eslint/array-type": ["warn"],
-    "@typescript-eslint/no-explicit-any": 0,
-    "@typescript-eslint/indent": 0,
-    "@typescript-eslint/interface-name-prefix": 0
-  }
-}

.eslintrc.js

@@ -0,0 +1,3 @@
+module.exports = {
+  extends: ['@verdaccio/eslint-config'],
+};

.gitattributes

@@ -0,0 +1,199 @@
+## GITATTRIBUTES FOR WEB PROJECTS
+#
+# These settings are for any web project.
+#
+# Details per file setting:
+#   text    These files should be normalized (i.e. convert CRLF to LF).
+#   binary  These files are binary and should be left untouched.
+#
+# Note that binary is a macro for -text -diff.
+######################################################################
+
+# Auto detect
+##   Handle line endings automatically for files detected as
+##   text and leave all files detected as binary untouched.
+##   This will handle all files NOT defined below.
+*                 text=lf
+
+# Source code
+*.bash            text eol=lf
+*.bat             text eol=crlf
+*.cmd             text eol=crlf
+*.coffee          text eol=lf
+*.css             text eol=lf
+*.htm             text diff=html
+*.html            text diff=html
+*.inc             text eol=lf
+*.ini             text eol=lf
+*.js              text eol=lf
+*.json            text eol=lf
+*.jsx             text eol=lf
+*.less            text eol=lf
+*.ls              text eol=lf
+*.map             text -diff
+*.od              text eol=lf
+*.onlydata        text eol=lf
+*.php             text diff=php
+*.pl              text eol=lf
+*.ps1             text eol=crlf
+*.py              text diff=python
+*.rb              text diff=ruby
+*.sass            text eol=lf
+*.scm             text eol=lf
+*.scss            text diff=css
+*.sh              text eol=lf
+*.sql             text eol=lf
+*.styl            text eol=lf
+*.tag             text eol=lf
+*.ts              text eol=lf
+*.tsx             text eol=lf
+*.xml             text eol=lf
+*.xhtml           text diff=html
+
+# Docker
+Dockerfile        text eol=lf
+
+# Documentation
+*.ipynb           text eol=lf
+*.markdown        text eol=lf
+*.md              text eol=lf
+*.mdwn            text eol=lf
+*.mdown           text eol=lf
+*.mkd             text eol=lf
+*.mkdn            text eol=lf
+*.mdtxt           text eol=lf
+*.mdtext          text eol=lf
+*.txt             text eol=lf
+AUTHORS           text eol=lf
+CHANGELOG         text eol=lf
+CHANGES           text eol=lf
+CONTRIBUTING      text eol=lf
+COPYING           text eol=lf
+copyright         text eol=lf
+*COPYRIGHT*       text eol=lf
+INSTALL           text eol=lf
+license           text eol=lf
+LICENSE           text eol=lf
+NEWS              text eol=lf
+readme            text eol=lf
+*README*          text eol=lf
+TODO              text eol=lf
+
+# Templates
+*.dot             text eol=lf
+*.ejs             text eol=lf
+*.haml            text eol=lf
+*.handlebars      text eol=lf
+*.hbs             text eol=lf
+*.hbt             text eol=lf
+*.jade            text eol=lf
+*.latte           text eol=lf
+*.mustache        text eol=lf
+*.njk             text eol=lf
+*.phtml           text eol=lf
+*.tmpl            text eol=lf
+*.tpl             text eol=lf
+*.twig            text eol=lf
+*.vue             text eol=lf
+
+# Configs
+*.cnf             text eol=lf
+*.conf            text eol=lf
+*.config          text eol=lf
+.editorconfig     text eol=lf
+.env              text eol=lf
+.gitattributes    text eol=lf
+.gitconfig        text eol=lf
+.htaccess         text eol=lf
+*.lock            text -diff
+package-lock.json text -diff
+*.toml            text eol=lf
+*.yaml            text eol=lf
+*.yml             text eol=lf
+browserslist      text eol=lf
+Makefile          text eol=lf
+makefile          text eol=lf
+
+# Heroku
+Procfile          text eol=lf
+
+# Graphics
+*.ai              binary
+*.bmp             binary
+*.eps             binary
+*.gif             binary
+*.gifv            binary
+*.ico             binary
+*.jng             binary
+*.jp2             binary
+*.jpg             binary
+*.jpeg            binary
+*.jpx             binary
+*.jxr             binary
+*.pdf             binary
+*.png             binary
+*.psb             binary
+*.psd             binary
+# SVG treated as an asset (binary) by default.
+*.svg             text eol=lf
+# If you want to treat it as binary,
+# use the following line instead.
+# *.svg           binary
+*.svgz            binary
+*.tif             binary
+*.tiff            binary
+*.wbmp            binary
+*.webp            binary
+
+# Audio
+*.kar             binary
+*.m4a             binary
+*.mid             binary
+*.midi            binary
+*.mp3             binary
+*.ogg             binary
+*.ra              binary
+
+# Video
+*.3gpp            binary
+*.3gp             binary
+*.as              binary
+*.asf             binary
+*.asx             binary
+*.fla             binary
+*.flv             binary
+*.m4v             binary
+*.mng             binary
+*.mov             binary
+*.mp4             binary
+*.mpeg            binary
+*.mpg             binary
+*.ogv             binary
+*.swc             binary
+*.swf             binary
+*.webm            binary
+
+# Archives
+*.7z              binary
+*.gz              binary
+*.jar             binary
+*.rar             binary
+*.tar             binary
+*.zip             binary
+
+# Fonts
+*.ttf             binary
+*.eot             binary
+*.otf             binary
+*.woff            binary
+*.woff2           binary
+
+# Executables
+*.exe             binary
+*.pyc             binary
+
+# RC files (like .babelrc or .eslintrc)
+*.*rc             text eol=lf
+
+# Ignore files (like .npmignore or .gitignore)
+*.*ignore         text eol=lf

.github/FUNDING.yml

@@ -1 +1,2 @@
 open_collective: verdaccio
+github: verdaccio

.github/ISSUE_TEMPLATE/Bug_report.md

@@ -1,66 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
----
-
-<!-- 
-Hi folk, please read carefully the following points, all this information is what you need to share and make the process efficient
-so eveyrbody can understand your issue, please notice if you don't fill any of this points our friendly boot will remind you to do it or
-close automatically the issue. Removing the sections you considere are irrelevant for your issue is totally ok. 
-
-If you have questions, you might rather join use over Discord https://chat.verdaccio.org
-
-As reminder, we have code of conduct all of us we must follow https://github.com/verdaccio/verdaccio/blob/master/CODE_OF_CONDUCT.md 
--->
-
-**Describe the bug**
-<!-- A clear and concise description of what the bug is. -->
-
-**To Reproduce**
-<!-- How to reproduce the issue -->
-
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Expected behavior**
-<!-- A clear and concise description of what you expected to happen. -->
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Docker || Kubernetes (please complete the following information):**
- - Docker verdaccio tag: [e.g. verdaccio:4.x]
- - Docker commands [e.g. docker pull ...]
- - Docker Version [e.g. v18.05.0-ce-rc1]
-
-**Configuration File (cat ~/.config/verdaccio/config.yaml)**
-
-<!-- Please be careful do not leak any sensitive information, remove tokens -->
-
-**Environment information**
-
-<!-- 
-  Please paste the results of `verdaccio --info` here (only if you are using >4.0.0). 
-  Share, Node.js, node package manager used (npm, yarn or pnpm) and the version.
-  The verdaccio version is really important, run `verdaccio --version` if you don't know it.
--->
-
-**Debugging output**
-<!-- If you are contributing and need to share internal stuff, here some useful commands to get more verbose output -->
-
- - `$ NODE_DEBUG=request verdaccio` display request calls (verdaccio <--> uplinks)
- - `$ DEBUG=express:* verdaccio` enable extreme verdaccio debug mode (verdaccio api)
- - `$ npm -ddd` prints:
- - `$ npm config get registry` prints:
-
-**Additional context**
-
-<!-- 
-
-If there is something else to share, screenshots, log files, or link references to other tickets.
-IMPORTANT: please do not attach log files, rather copy the content so is indexable for future search.
--->
-

.github/ISSUE_TEMPLATE/Feature_request.md

@@ -1,17 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-
----
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,71 @@
+---
+name: Bug report 🐛
+about: A feature is not working as is expected, I want to report a bug
+labels: 'issue: needs triage'
+title: ''
+assignees: ''
+---
+
+<!-- PLEASE READ THIS:  
+ - If you are not sure is a bug, OPEN a DISCUSSION, if is a legitimate bug, is easy to create a bug from a discussion.
+ - Empty reports won't be considered and eventually be closed by a bot.
+ - Include debugging notes will help to fix it faster, HOW TO: https://github.com/verdaccio/verdaccio/wiki/Debugging-Verdaccio 
+ - If you remove this template, ticket will be closed immediately.
+ - No English perfect is required, use public translators if is need it, we will do our best to help you.
+ - Extra bonus: The most complete this report is delivered, the faster you will get a response.
+ - Extra bonus: include screenshots, logs (remove sensitive data).
+ - If you are willing to fix it, there is a checkbox at the bottom.
+-->
+
+**Your Environment**
+  <!-- bug below the version 5.x will be closed, see SECURITY.md for more details -->
+ * **verdaccio version**: 5.x.x
+ * **node version** [12.x.x, 14.x.x]:
+ * **package manager**: [npm@7, pnpm@6, yarn@2]
+ * **os**: [mac, windows@10, linux]
+ * **platform**: [npm, docker, helm, other]
+
+**Describe the bug**
+
+<!-- A clear and concise description of what the bug is. -->
+
+**To Reproduce**
+
+<!-- IMPORTANT:
+ - How to reproduce the issue
+ - Steps to reproduce the issue
+
+Be aware, the lack of reproducible steps the issue might cause your ticket to be closed.
+-->
+
+**Expected behavior**
+
+<!-- A clear and concise description of what you expected to happen. -->
+
+**Screenshots, server logs, package manager log**
+
+<!-- If applicable, add screenshots to help explain your problem.  -->
+
+**Configuration File (cat ~/.config/verdaccio/config.yaml)**
+
+<!-- Please be careful do not leak any sensitive information, remove tokens -->
+
+**Environment information**
+
+<!-- Please paste the results of running `verdaccio --info` -->
+
+**Debugging output**
+
+- `$ NODE_DEBUG=request verdaccio` display request calls (verdaccio <--> uplinks)
+- `$ DEBUG=verdaccio* verdaccio` enable extreme verdaccio debug mode (verdaccio api)
+- `$ npm -ddd` prints:
+- `$ npm config get registry` prints:
+
+**Contribute to Verdaccio**
+
+- [ ] I'm willing to fix this bug 🥇 
+
+<!--
+
+IMPORTANT: please do not attach external files, all content should be visible from any device.
+-->

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,14 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Question 🤷🏻‍♂️
+    url: https://github.com/verdaccio/verdaccio/discussions/new?category=q-a
+    about: 🆕 Open a new Q&A discussion 🙏
+  - name: Security Report 🛡
+    url: https://github.com/verdaccio/verdaccio/security/policy
+    about: I want to report a security vulnerability
+  - name: Chat 🏘
+    url: https://discord.gg/7qWJxBf
+    about: For a quick question you should do it through our community chat
+  - name: User Interface Report 👩🏼‍🎨👨🏼‍🎨
+    url: https://github.com/verdaccio/ui/issues/new/choose
+    about: Any report related with the User Interface should be posted in another repository

.github/ISSUE_TEMPLATE/feature.md

@@ -0,0 +1,36 @@
+---
+name: 'Feature Request 🔮'
+about: You want a feature request.
+title: ''
+labels: 'topic: feature request'
+assignees: ''
+---
+
+<!--
+IMPORTANT: If you don't have an action plan, please consider create a DISCUSSION (idea) instead for an open a feature request issue.
+
+https://github.com/verdaccio/verdaccio/discussions/new
+
+Verdaccio is a project addressed for voluntaries, if you appreciate this project consider to donate.
+1$/5$ or custom amount single contribution
+
+or monthly
+1$/month - minimal contribution
+5$/month - nice contribution
+
+https://github.com/sponsors/verdaccio
+
+As reminder, the Open Source must be sustainable.
+-->
+
+**Is your feature request related to a problem?**
+Please describe a clear and concise description of what the problem is. E.g. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/dependabot.yml

@@ -0,0 +1,25 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+
+  # Maintain dependencies for npm
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'daily'
+    allow:
+      - dependency-name: '@verdaccio/*'
+      - dependency-name: 'verdaccio-*'
+    assignees:
+      - 'verdacciobot'
+    labels:
+      - 'bot: dependencies'

.github/disabled/e2e-angular-cli-workflow.yml

@@ -0,0 +1,131 @@
+on:
+  schedule:
+    - cron: '0 3 * * 5'
+  pull_request:
+    branches:
+      - '**'
+
+name: 'E2E Angular CLI with verdaccio'
+jobs:
+  # todo: fix yarn global issue, cannot find ng
+  #  yarn:
+  #    strategy:
+  #      fail-fast: false
+  #      matrix:
+  #        os: [ubuntu-latest, windows-latest]
+  #
+  #    name: '${{ matrix.os }} / yarn:angular example'
+  #    runs-on: ${{ matrix.os }}
+  #
+  #    steps:
+  #      - uses: actions/checkout@v2.3.1
+  #
+  #      - name: 'Use Node.js 10.x'
+  #        uses: actions/setup-node@v2.1.1
+  #        with:
+  #          node-version: 10.x
+  #      - name: Install Dependencies
+  #        run: yarn install --pure-lockfile
+  #      - name: 'Run verdaccio in the background'
+  #        run: |
+  #          nohup node ./scripts/run-verdaccio.js &
+  #      - name: 'Ping to verdaccio'
+  #        run: |
+  #          npm ping --registry http://localhost:4873
+  #      - name: 'Running the integration test'
+  #        run: |
+  #          source scripts/e2e-setup-ci.sh
+  #          yarn init --yes
+  #
+  #          yarn global add @angular/cli
+  #          which nodemon
+  #          ng new verdaccio-angular --interactive=false
+  #
+  #          cd verdaccio-angular
+  #          echo "registry=http://localhost:4873" > ~/.npmrc
+  #          yarn add @angular-devkit/core@next @babel/preset-env @babel/core -D
+  #
+  #          ng build --aot
+  npm:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+
+    name: '${{ matrix.os }} / npm:angular example'
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v2.3.1
+
+      - name: 'Use Node.js 10.x'
+        uses: actions/setup-node@v2.1.1
+        with:
+          node-version: 10.x
+      - name: 'install latest npm'
+        run: npm i -g npm
+      - name: Install Dependencies
+        run: yarn install --pure-lockfile
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup node ./scripts/run-verdaccio.js &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          echo "registry=http://localhost:4873" > ~/.npmrc
+          npm config set loglevel="http"
+          npm config set fetch-retries="5"
+          npm config set fetch-retry-factor="50"
+          npm config set fetch-retry-mintimeout="20000"
+          npm config set fetch-retry-maxtimeout="80000"
+          npm install -g @angular/cli
+          ng new verdaccio-angular --interactive=false
+
+          cd verdaccio-angular
+          npm install @angular-devkit/core@next @babel/preset-env @babel/core -D
+
+          npm run ng build --aot
+
+#  pnpm throws errors worth to check why
+#  pnpm:
+#    strategy:
+#      fail-fast: false
+#      matrix:
+#        os: [ubuntu-latest, windows-latest]
+#
+#    name: '${{ matrix.os }} / pnpm:angular example'
+#    runs-on: ${{ matrix.os }}
+#
+#    steps:
+#      - uses: actions/checkout@v2.3.1
+#
+#      - name: 'Use Node.js 10.x'
+#        uses: actions/setup-node@v2.1.1
+#        with:
+#          node-version: 10.x
+#      - name: 'install latest pnpm'
+#        run: npm i -g pnpm
+#      - name: Install Dependencies
+#        run: yarn install --pure-lockfile
+#      - name: 'Run verdaccio in the background'
+#        run: |
+#          nohup node ./scripts/run-verdaccio.js &
+#      - name: 'Ping to verdaccio'
+#        run: |
+#          pnpm ping --registry http://localhost:4873
+#      - name: 'Running the integration test'
+#        run: |
+#          source scripts/e2e-setup-ci.sh
+#          pnpm init --force
+#
+#          pnpm install -g @angular/cli
+#          ng new verdaccio-angular --interactive=false
+#
+#          cd verdaccio-angular
+#          echo "registry=http://localhost:4873" > ~/.npmrc
+#          pnpm install @angular-devkit/core@next @babel/preset-env @babel/core -D
+#
+#          pnpm run ng build --aot

.github/disabled/e2e-gatsbyjs-cli-workflow.yml

@@ -0,0 +1,49 @@
+on:
+  schedule:
+    - cron: '0 3 * * 5'
+  pull_request:
+    branches:
+      - '**'
+
+name: 'E2E Gatsby.js CLI with verdaccio'
+jobs:
+  npm:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+
+    name: '${{ matrix.os }} / npm:gatsby example'
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v2.3.3
+
+      - name: 'Use Node.js 14.x'
+        uses: actions/setup-node@v2.1.5
+        with:
+          node-version: 14.x
+      - name: 'install latest npm'
+        run: npm i -g npm@latest-6
+      - name: Install Dependencies
+        run: yarn install
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          echo "registry=http://localhost:4873
+          loglevel="silent"
+          fetch-retries=10
+          fetch-retry-factor=2
+          fetch-retry-mintimeout=10000
+          fetch-retry-maxtimeout=80000" > ~/.npmrc
+          npm config list
+          npm i -g gatsby
+          gatsby new my-gatsby
+          cd my-gatsby
+          npm run build

.github/disabled/e2e-jest-workflow.yml

@@ -0,0 +1,121 @@
+on:
+  schedule:
+    - cron: '0 3 * * 5'
+  pull_request:
+    branches:
+      - '**'
+
+name: 'E2E Jest with verdaccio'
+jobs:
+  yarn:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+
+    name: '${{ matrix.os }} / yarn:jest example'
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v2.3.1
+
+      - name: 'Use Node.js 10.x'
+        uses: actions/setup-node@v2.1.1
+        with:
+          node-version: 10.x
+      - name: Install Dependencies
+        run: yarn install --pure-lockfile
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup node ./scripts/run-verdaccio.js &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          yarn init --yes
+          yarn add jest --registry http://localhost:4873
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad --registry http://localhost:4873 --verbose
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js
+  npm:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+
+    name: '${{ matrix.os }} / npm:jest example'
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v2.3.1
+
+      - name: 'Use Node.js 10.x'
+        uses: actions/setup-node@v2.1.1
+        with:
+          node-version: 10.x
+      - name: 'install latest npm'
+        run: npm i -g npm
+      - name: Install Dependencies
+        run: yarn install --pure-lockfile
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup node ./scripts/run-verdaccio.js &
+      - name: 'Ping to verdaccio'
+        run: |
+          npm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          npm init --force
+          npm install jest --registry http://localhost:4873
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad --registry http://localhost:4873 --verbose
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js
+  pnpm:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+
+    name: '${{ matrix.os }} / pnpm:jest example'
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v2.3.1
+
+      - name: 'Use Node.js 10.x'
+        uses: actions/setup-node@v2.1.1
+        with:
+          node-version: 10.x
+      - name: 'install latest pnpm'
+        run: npm i -g pnpm
+      - name: Install Dependencies
+        run: yarn install --pure-lockfile
+      - name: 'Run verdaccio in the background'
+        run: |
+          nohup node ./scripts/run-verdaccio.js &
+      - name: 'Ping to verdaccio'
+        run: |
+          pnpm ping --registry http://localhost:4873
+      - name: 'Running the integration test'
+        run: |
+          source scripts/e2e-setup-ci.sh
+          pnpm init --force
+          pnpm install jest --registry http://localhost:4873
+
+          echo "it('should pass', () => { expect(true).toBeTruthy(); });" | tee pass.test.js
+          yarn jest pass.test.js
+
+          yarn add left-pad --registry http://localhost:4873 --verbose
+          echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
+          yarn jest module.test.js

.github/disabled/registry.yml

@@ -0,0 +1,13 @@
+name: Test local registry for js vulnerabilities
+
+on:
+  schedule:
+    - cron: '0 4 * * 4'
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Test for public javascript library vulnerabilities
+        uses: lirantal/is-website-vulnerable@1.15.10
+        with:
+          scan-url: 'https://registry.verdaccio.org'

.github/disabled/release-canary.yml

@@ -0,0 +1,35 @@
+name: Canary Release to Verdaccio
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/release-canary.yml
+      - 'packages/**'
+      - 'package.json'
+      - 'lerna.json'
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Use Node (latest)
+        uses: actions/setup-node@v1
+        with:
+          node_version: 13
+      - name: Install
+        run: yarn --frozen-lockfile
+      - name: Clean
+        run: yarn clean
+      - name: Lint
+        run: yarn lint
+      - name: Build
+        run: yarn build
+      - name: Test
+        run: yarn test
+      - name: Publish
+        run: |
+          echo "//registry.verdaccio.org/:_authToken=${{ secrets.VERDACCIO_TOKEN }}" > .npmrc
+          git update-index --assume-unchanged .npmrc
+          yarn publish:canary

.github/lock.yml

@@ -13,11 +13,11 @@ lockLabel: false
 lockComment: >
   🤖This thread has been automatically locked 🔒 since there has not been
   any recent activity after it was closed. 
-  
+
   We lock tickets after 90 days with the idea to encourage you to open a ticket with new fresh data 
   and to provide you better feedback 🤝and better visibility 👀. 
-  
-  If you consider, can attach this ticket 📨to the new one as a reference for better context.
+
+  If you consider, you can attach this ticket 📨 to the new one as a reference for better context.
 
   Thanks for being a part of the Verdaccio community! 💘
 
@@ -26,9 +26,10 @@ lockComment: >
 
 # Optionally, specify configuration settings just for `issues` or `pulls`
 issues:
- exemptLabels:
-   - help-wanted
- lockLabel: outdated
+  exemptLabels:
+    - help-wanted
+  lockLabel: outdated
 
 pulls:
- daysUntilLock: 10
+  daysUntilLock: 90
+  lockLabel: outdated

.github/main.workflow

@@ -1,97 +0,0 @@
-workflow "Docker && Publish Pre-check" {
-  resolves = [
-    "Docker build health check",
-    "Test Publish Verdaccio",
-  ]
-  on = "push"
-}
-
-action "Docker build health check" {
-  uses = "actions/docker/cli@8cdf801b322af5f369e00d85e9cf3a7122f49108"
-  args = "build ."
-  env = {
-    VERDACCIO_BUILD_REGISTRY = "https://registry.verdaccio.org"
-  }
-}
-
-action "Test Publish Verdaccio" {
-  uses = "verdaccio/github-actions/publish@v0.1.0"
-  needs = ["Docker build health check"]
-  args = "-d"
-}
-
-workflow "release" {
-  resolves = [
-    "github-release",
-    "release:lint",
-    "release:build",
-  ]
-  on = "push"
-}
-
-action "release:tag-filter" {
-  uses = "actions/bin/filter@master"
-  args = "tag v*"
-}
-
-action "release:install" {
-  uses = "docker://node:10"
-  needs = ["release:tag-filter"]
-  args = "yarn install --frozen-lockfile"
-}
-
-action "release:build" {
-  uses = "docker://node:10"
-  needs = ["release:install"]
-  args = "yarn run code:build"
-}
-
-action "release:lint" {
-  uses = "docker://node:10"
-  needs = ["release:install"]
-  args = "yarn run lint"
-}
-
-action "release:publish" {
-  needs = ["release:build"]
-  uses = "docker://node:10"
-  args = "sh scripts/publish.sh"
-  secrets = [
-    "REGISTRY_AUTH_TOKEN",
-  ]
-  env = {
-    REGISTRY_URL = "registry.npmjs.org"
-  }
-}
-
-action "github-release" {
-  needs = ["release:publish"]
-  uses = "docker://node:10"
-  args = "sh scripts/github-release.sh"
-  secrets = [
-    "GITHUB_TOKEN",
-  ]
-}
-
-action "branch-filter" {
-  uses = "actions/bin/filter@master"
-  args = "branch"
-}
-
-action "install" {
-  needs = ["branch-filter"]
-  uses = "docker://node:10"
-  args = "yarn install --frozen-lockfile"
-}
-
-action "build" {
-  uses = "docker://node:10"
-  needs = ["install"]
-  args = "yarn run code:build"
-}
-
-action "lint" {
-  uses = "docker://node:10"
-  needs = ["install"]
-  args = "yarn run lint"
-}

.github/pull_request_template.md

@@ -1,27 +0,0 @@
-<!--
-
-Before Pull Request check whether your commits follow this convention
-
-https://github.com/verdaccio/verdaccio/blob/master/CONTRIBUTING.md#git-commit-guidelines
-
-  * If your PR fix an issue don't forget to update the unit test and documentation in /docs folder
-  * If your PR delivers a new feature, please, provide examples and why such feature should be considered.
-  * Document your changes /docs
-  * Add unit test
-  * Follow the commit guidelines in order to get a quick approval
-
-Pick one/multiple type, if none apply please suggest one, we might be included it by default
-
-eg: bug / feature / documentation / unit test / build
-
--->
-**Type:**
-
-The following has been addressed in the PR:
-
-*  There is a related issue?
-*  Unit or Functional tests are included in the PR
-
-**Description:**
-
-<!-- Resolves #??? -->

.github/stale.yml

@@ -1,7 +1,7 @@
 # Number of days of inactivity before an issue becomes stale
-daysUntilStale: 15
+daysUntilStale: 365
 # Number of days of inactivity before a stale issue is closed
-daysUntilClose: 10
+daysUntilClose: 500
 # Issues with these labels will never be considered stale
 exemptLabels:
   - dev: high priority
@@ -10,17 +10,17 @@ exemptLabels:
   - issue: bug
   - dev: discuss
 # Label to use when marking an issue as stale
-staleLabel: issue: wontfix
+staleLabel: 'issue: wontfix'
 # Comment to post when marking an issue as stale. Set to `false` to disable
 markComment: >
- Hi pal 👋🏼!
+  Hi pal 👋🏼!
 
- This issue has gone quiet 😶.
+  This issue has gone quiet 😶.
 
-  We get a lot of issues, so we currently close issues after 25 days of inactivity. It’s been at least 15 days since the last update here.
-  If we missed this issue or if you want to keep it open, please reply here. You can also add/suggest the label "discuss" to keep this issue open!
-  As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request. Check out [https://github.com/verdaccio/contributing](https://github.com/verdaccio/contributing) for more information about opening PRs, triaging issues, and contributing!
+   We get a lot of issues, so we currently close issues after 180 days of inactivity. It’s been at least 90c days since the last update here.
+   If we missed this issue or if you want to keep it open, please reply here. You can also add/suggest the label "discuss" to keep this issue open!
+   As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request. Check out [https://github.com/verdaccio/contributing](https://github.com/verdaccio/contributing) for more information about opening PRs, triaging issues, and contributing!
 
-  Thanks for being a part of the Verdaccio community! 💘
+   Thanks for being a part of the Verdaccio community! 💘
 # Comment to post when closing a stale issue. Set to `false` to disable
 closeComment: false

.github/workflows/benchmark.yml

@@ -0,0 +1,171 @@
+---
+name: ci - benchmark
+
+on:
+  workflow_dispatch:
+  schedule:
+    # 3 times day
+    # collecting enough data to draw some graphics
+    - cron: '0 1 * * *'
+  # push:
+  #   branches:
+  #     - master
+jobs:
+  prepare: 
+    name: Prepare build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 14.x
+      - name: install pnpm
+        run: sudo npm i pnpm@6.6.1 -g
+      - name: set store
+        run: | 
+          mkdir ~/.pnpm-store
+          pnpm config set store-dir ~/.pnpm-store     
+      - name: setup pnpm config registry
+        run: pnpm config set registry https://registry.verdaccio.org
+      - name: install dependencies
+        run: pnpm install
+      - name: Cache .pnpm-store
+        uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+          restore-keys: |
+            pnpm-              
+      - name: build
+        run: pnpm build
+      - name: tar packages
+        run: |      
+          tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
+      - uses: actions/upload-artifact@v2
+        with:
+          name: verdaccio-artifact
+          path: pkg.tar.gz
+  benchmark-autocannon:
+    needs: prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        benchmark:
+          - info
+          - tarball
+        verdaccioVersion:
+          # - local
+          - 3.13.1
+          - 4.12.2
+          - 5.1.3
+          - 6.0.0-6-next.24
+    name: Benchmark autocannon
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 14.x
+      - uses: actions/download-artifact@v2
+        with:
+          name: verdaccio-artifact
+      - name: untar packages
+        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
+      - name: install pnpm
+        # require fixed version
+        run: sudo npm i pnpm@6.6.1 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
+      - name: install dependencies
+        run: pnpm install    
+      - name: start registry
+        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}        
+      - name: benchmark        
+        run: pnpm benchmark:api -- -v ${{matrix.verdaccioVersion}} -f ${{matrix.benchmark}}       
+        shell: bash
+        env:
+          DEBUG: metrics*
+      - uses: actions/upload-artifact@v2
+        with:
+          name: verdaccio-metrics-api
+          path: ./api-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
+          if-no-files-found: error
+          retention-days: 10 
+      - name: submit metrics
+        run: pnpm benchmark:submit
+        env:
+          DEBUG: metrics
+          METRICS_SOURCE: autocannon
+          METRICS_URL: ${{ secrets.METRICS_URL }}
+          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
+          METRICS_BENCHMARK: ${{matrix.benchmark}}
+          METRICS_VERSION: ${{matrix.verdaccioVersion}}
+          METRICS_COMMIT_HASH: ${{ github.sha }}
+          METRICS_FILE_NAME: 'api-results'   
+  benchmark:
+    needs: prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        benchmark:
+          - info
+          - tarball
+        verdaccioVersion:
+          # future 6.x (wip)
+          # - local (master branch)
+          # old versions to compare same test along previous releases
+          - 3.13.1
+          - 4.12.2
+          - 5.1.3
+          - 6.0.0-6-next.24
+    name: Benchmark hyperfine
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 14.x
+      - uses: actions/download-artifact@v2
+        with:
+          name: verdaccio-artifact
+      - name: untar packages
+        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages          
+      - name: install pnpm
+        # require fixed version
+        run: sudo npm i pnpm@6.6.1 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}   
+      - name: install dependencies
+        run: pnpm install
+      - name: install hyperfine
+        run: |
+          wget https://github.com/sharkdp/hyperfine/releases/download/v1.11.0/hyperfine_1.11.0_amd64.deb
+          sudo dpkg -i hyperfine_1.11.0_amd64.deb
+      - name: start registry
+        run: ./scripts/benchmark-prepare.sh ${{matrix.verdaccioVersion}}
+      - name: benchmark        
+        run: ./scripts/benchmark-run.sh ${{matrix.benchmark}}
+        # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell
+        shell: bash
+      - name: rename
+        run: mv ./hyper-results.json ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json
+      - uses: actions/upload-artifact@v2
+        with:
+          name: verdaccio-metrics
+          path: ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json  
+          if-no-files-found: error
+          retention-days: 10 
+      - name: submit metrics
+        run: pnpm benchmark:submit
+        env:
+          DEBUG: metrics
+          METRICS_SOURCE: hyperfine
+          METRICS_URL: ${{ secrets.METRICS_URL }}
+          METRICS_TOKEN: ${{ secrets.METRICS_TOKEN }}
+          METRICS_BENCHMARK: ${{matrix.benchmark}}
+          METRICS_VERSION: ${{matrix.verdaccioVersion}}
+          METRICS_COMMIT_HASH: ${{ github.sha }}

.github/workflows/changesets.yml

@@ -0,0 +1,69 @@
+name: Changesets
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+  push:
+    branches:
+      - master
+
+env:
+  CI: true
+  PNPM_CACHE_FOLDER: .pnpm-store
+
+jobs:
+  # Update package versions from changesets.
+  version:
+    timeout-minutes: 14
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio'
+    steps:
+      - name: checkout code repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: setup node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: 14
+          registry-url: 'https://registry.npmjs.org'
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+
+      - name: install pnpm
+        run: npm i pnpm@6.10.3 -g
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+
+      - name: setup pnpm config
+        run: pnpm config set store-dir $PNPM_CACHE_FOLDER
+      - name: setup pnpm config registry
+        run: pnpm config set registry https://registry.npmjs.org
+
+      - name: install dependencies
+        run: pnpm install
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+      - name: crowdin download
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:download       
+      - name: build
+        run: pnpm build
+
+      - name: create versions
+        uses: verdaccio/changeset-action@master
+        with:
+          version: pnpm ci:version
+          commit: 'chore: update versions'
+          title: 'chore: update versions'
+          publish: pnpm ci:publish
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.REGISTRY_AUTH_TOKEN }}
+          NPM_CONFIG_REGISTRY: https://registry.npmjs.org

.github/workflows/ci.yml

@@ -0,0 +1,262 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+      - 'changeset-release/master'
+  pull_request:
+    paths:
+      - .changeset/**
+      - .github/workflows/ci.yml
+      - 'packages/**'
+      - 'jest/**'
+      - 'package.json'
+      - 'pnpm-workspace.yaml'
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    name: setup verdaccio
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:5
+        ports:
+          - 4873:4873
+    steps:
+    - uses: actions/checkout@v2.3.1
+    - name: Use Node 14
+      uses: actions/setup-node@v1
+      with:
+        node-version: 14 
+    - name: Install pnpm
+      run: npm i pnpm@6.10.3 -g
+    - name: set store
+      run: | 
+        mkdir ~/.pnpm-store
+        pnpm config set store-dir ~/.pnpm-store
+    - name: Install
+      run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873
+    - name: Cache .pnpm-store
+      uses: actions/cache@v2
+      with:
+        path: ~/.pnpm-store
+        key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
+        restore-keys: |
+          pnpm-
+  lint:
+    runs-on: ubuntu-latest
+    name: Lint
+    needs: prepare
+    steps:
+      - uses: actions/checkout@v2.3.1
+      - name: Use Node 16
+        uses: actions/setup-node@v1
+        with:
+          node-version: 16
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
+      - name: Install
+        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+      - name: Lint
+        run: pnpm lint
+  format:
+    runs-on: ubuntu-latest
+    name: Format
+    needs: prepare
+    steps:
+      - uses: actions/checkout@v2.3.1
+      - name: Use Node 16
+        uses: actions/setup-node@v1
+        with:
+          node-version: 16
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
+      - name: Install
+        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+      - name: Lint
+        run: pnpm format:check
+
+  build:
+    runs-on: ubuntu-latest
+    name: build
+    needs: [format, lint]
+    steps:
+      - uses: actions/checkout@v2.3.1
+      - name: Use Node 16
+        uses: actions/setup-node@v1
+        with:
+          node-version: 16
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}     
+      - name: Install
+        run: pnpm recursive install --frozen-lockfile --ignore-scripts
+      - name: crowdin download
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:download
+        ## this step is optional, translations are not mandatory for PR
+        ## secrets keys are not available on forks, the failure here is guaranteed
+        continue-on-error: true  
+      - name: build
+        run: pnpm build
+      - name: tar packages
+        run: |      
+          tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages .
+      - uses: actions/upload-artifact@v2
+        with:
+          name: verdaccio-artifact
+          path: pkg.tar.gz            
+  test:
+    needs: build
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [ubuntu-latest]
+        ## Node 16 breaks UI test, jest issue
+        node_version: [14]
+    name: ${{ matrix.os }} / Node ${{ matrix.node_version }}
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v2.3.1
+      - name: Use Node ${{ matrix.node_version }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ matrix.node_version }}
+      - uses: actions/download-artifact@v2
+        with:
+          name: verdaccio-artifact
+      - name: untar packages
+        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+      - name: Install
+        run: pnpm recursive install --frozen-lockfile --ignore-scripts 
+      - name: Test
+        run: pnpm test
+  ci-e2e-ui:
+    needs: build
+    runs-on: ubuntu-latest
+    name: UI Test E2E Node 14
+    steps:
+      - uses: actions/checkout@v2.3.1
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 14
+      - uses: actions/download-artifact@v2
+        with:
+          name: verdaccio-artifact
+      - name: untar packages
+        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+      - name: Install
+        ## we need scripts, pupetter downloads aditional content
+        run: pnpm recursive install --frozen-lockfile 
+      - name: Test UI
+        run: pnpm test:e2e:ui
+        # env:
+        #  DEBUG: verdaccio:e2e*       
+  ci-e2e-cli:
+    needs: build
+    runs-on: ubuntu-latest
+    name: CLI Test E2E Node 14
+    steps:
+      - uses: actions/checkout@v2.3.1
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 14
+      - uses: actions/download-artifact@v2
+        with:
+          name: verdaccio-artifact
+      - name: untar packages
+        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+      - name: Install
+        ## we need scripts, pupetter downloads aditional content
+        run: pnpm recursive install --frozen-lockfile
+      - name: Test CLI
+        run: pnpm test:e2e:cli
+        # env:
+        #   DEBUG: verdaccio* 
+  test-windows:
+    needs: [format, lint]
+    runs-on: windows-latest
+    name: windows test node 14
+    steps:
+      - uses: actions/checkout@v2.3.1
+      - name: Use Node 14
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+       # pnpm cache is not working for windows (we need a solution)
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                            
+      - name: Install
+        run: pnpm recursive install --frozen-lockfile --ignore-scripts 
+      - name: build
+        run: pnpm build
+      - name: Test
+        run: pnpm test
+  sync-translations:
+    needs: [ci-e2e-cli, ci-e2e-ui, test-windows, test]
+    runs-on: ubuntu-latest
+    name: synchronize translations
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@v2.3.1
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 14
+      - uses: actions/download-artifact@v2
+        with:
+          name: verdaccio-artifact
+      - name: untar packages
+        run: tar -xzvf pkg.tar.gz -C ${{ github.workspace }}/packages    
+      - name: Install pnpm
+        run: npm i pnpm@6.10.3 -g
+      - uses: actions/cache@v2
+        with:
+          path: ~/.pnpm-store
+          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}                                          
+      - name: Install
+        ## we need scripts, pupetter downloads aditional content
+        run: pnpm recursive install --frozen-lockfile
+      - name: generate website translations
+        run: pnpm write-translations --filter ...@verdaccio/website       
+      - name: sync
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm crowdin:sync              

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,52 @@
+name: 'Code scanning - action'
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/codeql-analysis.yml
+      - 'packages/**'
+  schedule:
+    - cron: '0 2 * * 4'
+
+jobs:
+  CodeQL-Build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2.3.1
+        with:
+          # We must fetch at least the immediate parents so that if this is
+          # a pull request then we can checkout the head.
+          fetch-depth: 2
+
+      # If this run was triggered by a pull request event, then checkout
+      # the head of the pull request instead of the merge commit.
+      - run: git checkout HEAD^2
+        if: ${{ github.event_name == 'pull_request' }}
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+
+      # Override language selection by uncommenting this and choosing your languages
+      # with:
+      #   languages: go, javascript, csharp, python, cpp, java
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.github/workflows/docker-publish.yml

@@ -0,0 +1,51 @@
+name: Docker publish to docker.io
+
+on:
+  push:
+    paths:
+      - .github/workflows/docker-publish.yml
+      - .github/workflows/docker-publish.yml
+      - 'packages/**'
+      - 'docker-bin/**'
+      - 'package.json'
+      - 'pnpm-*.yaml'
+      - 'Dockerfile'
+      - '.dockerignore'
+    branches:
+      - 'master'
+    tags:
+      - 'v*'
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: network=host
+      - uses: docker/login-action@v1
+        name: Login Docker Hub
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Prepare docker image tags
+        id: docker_meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          images: ${{ github.repository }}
+          tag-custom: nightly-master
+          tag-custom-only: ${{ github.ref == 'refs/heads/master' }}
+          tag-semver: |
+            {{version}}
+            {{major}}
+            {{major}}.{{minor}}
+      - name: Build & Push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}

.github/workflows/website.yml

@@ -0,0 +1,148 @@
+name: Verdaccio Website CI
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+    paths:
+      - 'website/**'
+      - 'package.json'
+      - './.github/workflows/website.yml'
+  push:
+    branches:
+      - 'master'
+    paths:
+      - 'website/**'
+      - 'package.json'
+      - './.github/workflows/website.yml'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
+    steps:
+      - uses: actions/checkout@v2.3.1
+
+      - name: Use Node 14
+        uses: actions/setup-node@v2
+        with:
+          node-version: 14
+
+      - name: Cache pnpm modules
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-pnpm-modules
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}-
+
+      - uses: pnpm/action-setup@v2.0.1
+        with:
+          version: 6.10.2
+          run_install: |
+            - recursive: true
+              args: [--frozen-lockfile]
+
+      - name: Lint And Pretty
+        run: |
+          pnpm eslint:check --filter ...@verdaccio/website
+          pnpm prettier:check --filter ...@verdaccio/website
+
+      - name: Cache Docusaurus Build
+        uses: actions/cache@v2
+        with:
+          path: website/node_modules/.cache/webpack
+          key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: cache/webpack-${{github.ref}}
+
+      # Will deploy to production on:
+        # 1st: When a push occurs on master branch
+        # 2nd: When we force the worflow dispatch through the UI
+      - name: Build Production
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+        env:
+          CROWDIN_VERDACCIO_PROJECT_ID: ${{ secrets.CROWDIN_VERDACCIO_PROJECT_ID }}
+          CROWDIN_VERDACCIO_API_KEY: ${{ secrets.CROWDIN_VERDACCIO_API_KEY }}
+          CONTEXT: production
+        run: pnpm netlify:build:production --filter ...@verdaccio/website
+
+      - name: 🔥 Deploy Production Netlify
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch'
+        uses: semoal/action-netlify-deploy@master
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          netlify-site-id: ${{ secrets.NETLIFY_SITE_ID }}
+          build-dir: './website/build'
+
+      # Will deploy to Preview URL, only when a pull request is open with changes on the website
+      - name: Build Deployment Preview
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
+        env:
+          CONTEXT: deploy-preview
+        run: pnpm netlify:build:deployPreview --filter ...@verdaccio/website
+
+      - name: 🤖 Deploy Preview Netlify
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
+        uses: semoal/action-netlify-deploy@master
+        id: netlify_preview
+        with:
+          draft: true
+          comment-on-pull-request: true
+          github-deployment-is-production: false
+          github-deployment-is-transient: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          netlify-auth-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          netlify-site-id: ${{ secrets.NETLIFY_SITE_ID }}
+          build-dir: './website/build'
+
+      - name: Audit preview URL with Lighthouse
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
+        id: lighthouse_audit
+        uses: treosh/lighthouse-ci-action@v3
+        with:
+          urls: |
+            ${{ steps.netlify_preview.outputs.preview-url }}
+          uploadArtifacts: true
+          temporaryPublicStorage: true
+
+      - name: Format lighthouse score
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
+        id: format_lighthouse_score
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const result = ${{ steps.lighthouse_audit.outputs.manifest }}[0].summary
+            const links = ${{ steps.lighthouse_audit.outputs.links }}
+            const formatResult = (res) => Math.round((res * 100))
+            Object.keys(result).forEach(key => result[key] = formatResult(result[key]))
+            const score = res => res >= 90 ? '🟢' : res >= 50 ? '🟠' : '🔴'
+            const comment = [
+                `⚡️ [Lighthouse report](${Object.values(links)[0]}) for the changes in this PR:`,
+                '| Category | Score |',
+                '| --- | --- |',
+                `| ${score(result.performance)} Performance | ${result.performance} |`,
+                `| ${score(result.accessibility)} Accessibility | ${result.accessibility} |`,
+                `| ${score(result['best-practices'])} Best practices | ${result['best-practices']} |`,
+                `| ${score(result.seo)} SEO | ${result.seo} |`,
+                ' ',
+                `*Lighthouse ran on [${Object.keys(links)[0]}](${Object.keys(links)[0]})*`
+            ].join('\n')
+             core.setOutput("comment", comment);
+
+      - name: Add comment to PR
+        if: github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && github.event.label.name == 'trigger-preview'
+        id: comment_to_pr
+        uses: marocchino/sticky-pull-request-comment@v1
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          number: ${{ github.event.issue.number }}
+          header: lighthouse
+          message: |
+            ${{ steps.format_lighthouse_score.outputs.comment }}

.gitignore

@@ -1,39 +1,52 @@
-npm-debug.log
+*.log*
 verdaccio-*.tgz
 .DS_Store
 build/
+dist/
+.eslintcache
+node_modules
 
-### Test
-
-test/unit/partials/store/test-*-storage/*
-test/unit/partials/store/*-storage/*
-test/unit/partials/store/storage_default_storage/*
+### database
 .verdaccio-db.json
 .sinopia-db.json
 
-###
-!bin/verdaccio
+### test
 test-storage*
-access-storage*
 .verdaccio_test_env
-node_modules
-package-lock.json
-npm_test-fails-add-tarball*
-yarn-error.log
 
+# docker examples
+docker-examples/v5/reverse_proxy/nginx/relative_path/storage/*
+docker-examples/v5/**/storage/*
 
-# Istanbul
+# jest
+reports/
 coverage/
-.nyc*
 
+## IDE
 .idea/
 
-
-# React
-bundle.js
-bundle.js.map
-__tests__
-
 # Compiled script
-static/*
+packages/partials
+tsconfig.tsbuildinfo
 
+## bundle files
+packages/standalone/dist/
+
+## ui
+packages/plugins/ui-theme/static
+/packages/plugins/ui-theme/src/i18n/download_translations/
+!/packages/plugins/ui-theme/src/i18n/crowdin/ui.json
+
+
+# CI Pnpm cache
+.pnpm-store/
+
+# benchmark
+api-results.json
+hyper-results.json
+hyper-results*.json
+api-results*.json
+
+#docs 
+./api
+packages/core/core/docs

.husky/pre-commit

@@ -0,0 +1,5 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+#./node_modules/.bin/lint-staged
+npm run husky:pre-commit

.netlify/netlify-plugin-pnpm/index.js

@@ -0,0 +1,10 @@
+module.exports = {
+  onPreBuild: async ({ utils: { build, run } }) => {
+    try {
+      await run.command("npm install -g pnpm")
+      await run.command("pnpm install --ignore-scripts --frozen-lockfile")
+    } catch (error) {
+      return build.failBuild(error)
+    }
+  }
+}

.netlify/netlify-plugin-pnpm/manifest.yml

@@ -0,0 +1,2 @@
+name: netlify-plugin-pnpm
+inputs: []

.npmignore

@@ -1,4 +1,3 @@
-
 ## npm
 npm-debug.log
 yarn-error.log
@@ -13,8 +12,8 @@ src/
 .vscode/
 .circleci/
 debug/
-
-
+docker-examples/
+reports/
 ## assets and website
 assets/
 
@@ -23,7 +22,6 @@ docs/
 wiki/
 
 ## flow
-flow-typed/
 types/
 
 # jest

.npmrc

@@ -0,0 +1,5 @@
+always-auth = true
+recursive-install = true
+registry = https://registry.verdaccio.org
+loglevel=info
+fetch-retries="10"

.nvmrc

@@ -0,0 +1 @@
+16

.prettierignore

@@ -0,0 +1,33 @@
+.cache/
+**/corrupted-package/package.json
+**/corrupted.json
+**/invalid.js
+**/invalid.json
+**/pnpm-lock.yaml
+**/verdaccio-corrupted.db.json
+**/wrong.package.json
+crowdin.yaml
+/docs/website
+/website/*
+/website/translated_docs/
+CHANGELOG.md
+CONTRIBUTORS.md
+node_modules/
+**/coverage/**
+**/static/*.js
+**/build/*.js
+packages/core/local-storage/_storage/**
+packages/partials/storage_default_storage/
+packages/standalone/dist/bundle.js
+docker-examples/v5/reverse_proxy/nginx/relative_path/storage/*
+docker-examples/
+build/
+.vscode/
+.github/
+.netlify/
+packages/**/docs/**
+packages/mock/mock-store/**
+api/**
+packages/core/local-storage/tests/__fixtures__/test-storage/
+packages/plugins/ui-theme/static/
+.verdaccio-db.json

.prettierrc

@@ -1,12 +1,11 @@
 {
+  "endOfLine": "lf",
   "useTabs": false,
-  "printWidth": 160,
+  "printWidth": 100,
   "tabWidth": 2,
   "singleQuote": true,
-  "requirePragma": true,
   "bracketSpacing": true,
   "jsxBracketSameLine": true,
   "trailingComma": "es5",
-  "semi": true,
-  "parser": "typescript"
+  "semi": true
 }

.project

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>verdaccio-dev</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+	</buildSpec>
+	<natures>
+	</natures>
+	<filteredResources>
+		<filter>
+			<id>1630305579538</id>
+			<name></name>
+			<type>26</type>
+			<matcher>
+				<id>org.eclipse.ui.ide.multiFilter</id>
+				<arguments>1.0-name-matches-true-false-node_modules</arguments>
+			</matcher>
+		</filter>
+	</filteredResources>
+</projectDescription>

.vscode/launch.json

@@ -1,79 +1,91 @@
 {
-	// Use IntelliSense to learn about possible Node.js debug attributes.
-	// Hover to view descriptions of existing attributes.
-	// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
-	"version": "0.2.0",
-	"configurations": [
-		{
-			"type": "node",
-			"request": "launch",
-			"name": "CLI Babel Registry",
-			"stopOnEntry": false,
-			"program": "${workspaceFolder}/debug/bootstrap.js",
-			"args": ["-l", "0.0.0.0:4873"],
-			"env": {
-				"BABEL_ENV": "registry"
-			},
-			"preLaunchTask": "npm: build:webui",
-			"console": "integratedTerminal"
-		},
-		{
-			"name": "Unit Tests",
-			"type": "node",
-			"request": "launch",
-			"program": "${workspaceRoot}/node_modules/jest-cli/bin/jest.js",
-			"stopOnEntry": false,
-			"args": [
-				"--debug=true" ],
-			"cwd": "${workspaceRoot}",
-			"preLaunchTask": "pre-test",
-			"runtimeExecutable": null,
-			"runtimeArgs": [
-				"--nolazy"
-			],
-			"env": {
-				"NODE_ENV": "test",
-				"TZ": "UTC"
-			},
-			"console": "integratedTerminal"
-		},
-		{
-			"name": "Functional Tests",
-			"type": "node",
-			"request": "launch",
-			"program": "${workspaceRoot}/node_modules/.bin/jest",
-			"stopOnEntry": false,
-			"args": [
-				"--config",
-				"./test/jest.config.functional.js",
-				"--testPathPattern",
-				"./test/functional/index*",
-				"--debug=false",
-				"--verbose",
-				"--useStderr",
-				"--detectOpenHandles"],
-			"cwd": "${workspaceRoot}",
-			"env": {
-				"BABEL_ENV": "testOldEnv",
-				"VERDACCIO_DEBUG": "true",
-				"VERDACCIO_DEBUG_INJECT": "true",
-				"NODE_DEBUG": "TO_DEBUG_REQUEST_REMOVE_THIS_request"
-			},
-			"preLaunchTask": "pre-test",
-			"console": "integratedTerminal",
-			"runtimeExecutable": null,
-			"runtimeArgs": [
-				"--nolazy"
-			],
-		},
-		{
-			"type": "node",
-			"request": "launch",
-			"name": "Verdaccio Compiled",
-			"preLaunchTask": "npm: code:build",
-			"program": "${workspaceRoot}/bin/verdaccio",
-			"args": ["-l", "0.0.0.0:4873"],
-			"console": "integratedTerminal"
-		}
-	]
+  // Use IntelliSense to learn about possible Node.js debug attributes.
+  // Hover to view descriptions of existing attributes.
+  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+  "version": "0.2.0",
+  "configurations": [
+
+  {
+    "name": "Attach",
+    "port": 9229,
+    "request": "attach",
+    "skipFiles": [
+      "<node_internals>/**"
+    ],
+    "type": "pwa-node"
+  },
+    {
+      "name": "Verdaccio Debug",
+      "port": 9229,
+      "request": "attach",
+      "skipFiles": ["<node_internals>/**"],
+      "type": "pwa-node"
+    },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "CLI Babel Registry",
+      "stopOnEntry": false,
+      "program": "${workspaceFolder}/debug/bootstrap.js",
+      "args": ["-l", "0.0.0.0:4873"],
+      "env": {
+        "BABEL_ENV": "registry"
+      },
+      "preLaunchTask": "npm: build:webui",
+      "console": "integratedTerminal"
+    },
+    {
+      "name": "Unit Tests",
+      "type": "node",
+      "request": "launch",
+      "program": "${workspaceRoot}/node_modules/bin/jest",
+      "stopOnEntry": false,
+      "args": ["--debug=true"],
+      "cwd": "${workspaceRoot}",
+      "runtimeExecutable": null,
+      "runtimeArgs": ["--nolazy"],
+      "env": {
+        "NODE_ENV": "test",
+        "TZ": "UTC"
+      },
+      "console": "integratedTerminal"
+    },
+    {
+      "name": "Functional Tests",
+      "type": "node",
+      "request": "launch",
+      "program": "${workspaceRoot}/node_modules/.bin/jest",
+      "stopOnEntry": false,
+      "args": [
+        "--config",
+        "./test/jest.config.functional.js",
+        "--testPathPattern",
+        "./test/functional/index*",
+        "--debug=false",
+        "--verbose",
+        "--useStderr",
+        "--detectOpenHandles"
+      ],
+      "cwd": "${workspaceRoot}",
+      "env": {
+        "BABEL_ENV": "testOldEnv",
+        "VERDACCIO_DEBUG": "true",
+        "VERDACCIO_DEBUG_INJECT": "true",
+        "NODE_DEBUG": "TO_DEBUG_REQUEST_REMOVE_THIS_request"
+      },
+      "preLaunchTask": "pre-test",
+      "console": "integratedTerminal",
+      "runtimeExecutable": null,
+      "runtimeArgs": ["--nolazy"]
+    },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Verdaccio Compiled",
+      "preLaunchTask": "npm: code:build",
+      "program": "${workspaceRoot}/bin/verdaccio",
+      "args": ["-l", "0.0.0.0:4873"],
+      "console": "integratedTerminal"
+    }
+  ]
 }

.vscode/settings.json

@@ -1,9 +1,12 @@
 // Place your settings in this file to overwrite default and user settings.
 {
-	"files.exclude": {
-		"**/.idea": false,
-		"**/.nyc_output": true,
-		"**/build": true,
-		"**/coverage": true
-	}
-}
+  "files.exclude": {
+    "**/.nyc_output": true,
+    "**/build": false,
+    "**/coverage": true,
+    ".idea": true,
+    "storage_default_storage": true,
+    ".yarn": true
+  },
+  "typescript.tsdk": "node_modules/typescript/lib"
+}

.vscode/tasks.json

@@ -1,24 +1,21 @@
 {
-	// See https://go.microsoft.com/fwlink/?LinkId=733558
-	// for the documentation about the tasks.json format
-	"version": "2.0.0",
-	"tasks": [
-		{
-			"type": "npm",
-			"script": "build:webui",
-			"problemMatcher": []
-		},
-		{
-			"type": "npm",
-			"script": "code:build",
-			"problemMatcher": []
-		},
-		{
-			"label": "pre-test",
-			"dependsOn": [
-					"npm: code:build",
-					"npm: test:clean"
-			]
-	}
-	]
-}
+  // See https://go.microsoft.com/fwlink/?LinkId=733558
+  // for the documentation about the tasks.json format
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "type": "npm",
+      "script": "build:webui",
+      "problemMatcher": []
+    },
+    {
+      "type": "npm",
+      "script": "code:build",
+      "problemMatcher": []
+    },
+    {
+      "label": "pre-test",
+      "dependsOn": ["npm: code:build", "npm: test:clean"]
+    }
+  ]
+}

.yarnrc

@@ -1,2 +0,0 @@
-save-prefix ""
-registry "http://registry.npmjs.org/"

CODE_OF_CONDUCT.md

@@ -8,19 +8,19 @@ In the interest of fostering an open and welcoming environment, we as contributo
 
 Examples of behavior that contributes to creating a positive environment include:
 
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
 
 Examples of unacceptable behavior by participants include:
 
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
+- The use of sexualized language or imagery and unwelcome sexual attention or advances
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or electronic address, without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
 
 ## Our Responsibilities
 

CONTRIBUTING.md

@@ -1,96 +1,239 @@
-# Contributing to Verdaccio
+# Contributing
 
-We are happy that you wish to contribute to this project. For that reason, we
-present you with this guide.
+> Any change matters, whatever the size, just do it.
 
-Additional information is available on the
-[wiki](https://github.com/verdaccio/verdaccio/wiki).
+We're happy that you're considering contributing! To help, we've prepared these
+guidelines for you:
 
-## Contents
+**Table of Contents**
 
-- [Contents](#contents)
-- [How Do I Contribute?](#how-do-i-contribute)
-- [Development](#development)
-- [Reporting Bugs](#reporting-bugs)
+- [Contributing](#contributing)
+  - [How Do I Contribute?](#how-do-i-contribute)
+  - [Development Setup](#development-setup)
+    - [Building the project](#building-the-project)
+    - [Running test](#running-test)
+    - [Running and debugging](#running-and-debugging)
+    - [Debugging compiled code](#debugging-compiled-code)
+  - [Reporting Bugs](#reporting-bugs)
+    - [Read the documentation](#read-the-documentation)
+    - [What's is not considered a bug?](#whats-is-not-considered-a-bug)
     - [Issue Search](#issue-search)
-    - [Check Website For Solution](#check-website-for-solution)
     - [Chat](#chat)
-    - [Check If It's Been Fixed](#check-if-its-been-fixed)
-- [Request Features](#request-features)
+  - [Translations](#translations)
+  - [Request Features](#request-features)
+  - [Contributing Guidelines](#contributing-guidelines)
     - [Submitting a Pull Request](#submitting-a-pull-request)
     - [Make Changes and Commit](#make-changes-and-commit)
-- [Update Tests](#update-tests)
-- [Develop Plugins](#develop-plugins)
+      - [Caveats](#caveats)
+      - [Before Commit](#before-commit)
+      - [Commit Guidelines](#commit-guidelines)
+    - [Adding a changeset](#adding-a-changeset)
+    - [Update Tests](#update-tests)
+  - [Develop Plugins](#develop-plugins)
 
 ## How Do I Contribute?
 
-There are different ways to contribute, each with a different level
-of involvement and technical knowledge required, such as:
+There are many ways to contribute:
 
-* [Reporting Bugs](#reporting-bugs)
-* [Request Features](#request-features)
-* [Develop Plugins](#develop-plugins)
-* [Improve Documentation](http://www.verdaccio.org/docs/en/installation.html)
+- Report a bug
+- Request a feature you think would be great for Verdaccio
+- Fix bugs
+- Test and triage bugs reported by others
+- Work on requested/approved features
+- Improve the codebase (linting, naming, comments, test descriptions, etc...)
 
-**Please read this document carefully. It will help maintainers and readers
-in solving your issue(s), evaluating your feature request, etc.**
+The Verdaccio project is split into several areas:
 
-## Development
+- **Core**: The [core](https://github.com/verdaccio/verdaccio) is the main repository, built with **Node.js**.
+- **Website**: we use [**Docusaurus**](https://docusaurus.io/) for the **website** and if you are familiar with this technology, you might become the official webmaster.
+- **User Interface**: The [user Interface](https://github.com/verdaccio/ui) is based in **react** and **material-ui** and looking for front-end contributors.
+- **Kubernetes and Helm**: Ts the official repository for the [**Helm chart**](https://github.com/verdaccio/charts).
 
-Development guides can be found on the [wiki](https://github.com/verdaccio/verdaccio/wiki):
+> There are other areas to contribute, like documentation, translation which are
+> not hosted on this repo but check the last section of this notes for further
+> information.
 
-* [Building the project](https://github.com/verdaccio/verdaccio/wiki/Build-Source-Code)
-* [Running, debugging, and testing](https://github.com/verdaccio/verdaccio/wiki/Running-and-Debugging-tests)
+## Development Setup
+
+Verdaccio uses [pnpm](https://pnpm.io) as the package manager for development in this repository.
+
+If you are using pnpm for the first time the [pnpm configuration documentation](https://pnpm.io/configuring) may be useful to avoid any potential problems with the following steps.
+
+**Note**: pnpm uses npm's configuration formats so check that your global `.npmrc` file does not inadvertently disable package locks. In other words, your `.npmrc` file **should not** contain
+
+```
+package-lock=false
+```
+
+This setting would cause the `pnpm install` command to install incorrect versions of package dependencies and the subsequent `pnpm build` step would likely fail.
+
+To begin your development setup, please install the latest version of pnpm globally:
+
+```
+npm i -g pnpm
+```
+
+With pnpm installed, the first step is installing all dependencies:
+
+```
+pnpm install
+```
+
+### Building the project
+
+To build the project run
+
+```
+pnpm build
+```
+
+### Running test
+
+```
+pnpm test
+```
+
+Verdaccio is a mono repository. To run the tests for for a specific package:
+
+```
+cd packages/store
+pnpm test
+```
+
+or an specific test in that package:
+
+```
+pnpm test test/merge.dist.tags.spec.ts
+```
+
+or a single test unit:
+
+```
+pnpm test test/merge.dist.tags.spec.ts -- -t 'simple'
+```
+
+Coverage reporting is enabled by default, but you can turn it off to speed up
+test runs:
+
+```
+pnpm test test/merge.dist.tags.spec.ts -- -t 'simple' --coverage=false
+```
+
+You can enable increased [`debug`](https://www.npmjs.com/package/debug) output:
+
+```
+DEBUG=verdaccio:* pnpm test
+```
+
+More details in the debug section
+
+### Running and debugging
+
+We use [`debug`](https://www.npmjs.com/package/debug) to add helpful debugging
+output to the code. Each package has it owns namespace.
+
+#### Debugging compiled code
+
+Currently you can only run pre-compiled packages in debug mode. To enable debug
+while running add the `verdaccio` namespace using the `DEBUG` environment
+variable, like this:
+
+```
+DEBUG=verdaccio:* node packages/verdaccio/debug/bootstrap.js
+```
+
+You can filter this output to just the packages you're interested in using
+namespaces:
+
+```
+DEBUG=verdaccio:plugin:* node packages/verdaccio/debug/bootstrap.js
+```
+
+The debug code is intended to analyze what is happening under the hood and none
+of the output is sent to the logger module.
 
 ## Reporting Bugs
 
-We welcome clear, detailed bug reports.
-
 **Bugs are considered features that are not working as described in
 documentation.**
 
-If you've found a bug in Verdaccio **that isn't a security risk**, please file 
+If you've found a bug in Verdaccio **that isn't a security risk**, please file
 a report in our [issue tracker](https://github.com/verdaccio/verdaccio/issues).
 
-**NOTE: Verdaccio still does not support all npm commands. Some were not
-considered important and others have not been requested yet.**
+> **NOTE: Verdaccio still does not support all npm commands. Some were not
+> considered important and others have not been requested yet.**
+
+### What's is not considered a bug?
+
+- _Third party integrations_: proxies integrations, external plugins
+- _Package managers_: If a package manager does not support a specific command
+  or cannot be reproduced with another package manager
+- _Features clearly flagged as not supported_
+- _Node.js issues installation in any platform_: If you cannot install the
+  global package (this is considered external issue)
+- Any ticket which has beed flagged as an [external issue
+  ](https://github.com/verdaccio/verdaccio/labels/external-issue)
+
+If you intend to report a **security** issue, please follow our [Security policy
+guidelines](https://github.com/verdaccio/verdaccio/security/policy).
 
 ### Issue Search
 
-Search to see if it has already been reported via
-the issue search.
+Before reporting a bug please:
 
-Additionally, we have labelled questions for easy follow-up as [questions](https://github.com/verdaccio/verdaccio/labels/question).
+- Search for existing issues to see if it has already been reported
+- Look for the **question** label: we have labelled questions for easy follow-up
+  as [questions](https://github.com/verdaccio/verdaccio/labels/question)
 
-If so, up-vote it (using GitHub reactions) or add additional helpful details to
-the existing issue to show that it's affecting multiple people.
- 
-### Check Website For Solution
-
-Some of the most popular topics can be found in our website(http://www.verdaccio.org/docs/en/installation.html)
+In case any of those match with your search, up-vote it (using GitHub reactions)
+or add additional helpful details to the existing issue to show that it's
+affecting multiple people.
 
 ### Chat
 
-Questions can be asked via [Discord](http://chat.verdaccio.org/)
+Questions can be asked via [Discord](https://discord.gg/7qWJxBf)
 
-**Please use the `#questions#` and `#development` channels.**
+**Please use the `#help` channel.**
 
-### Check If It's Been Fixed
+## Translations
 
-Check if the issue has been fixed — try to reproduce it using the latest
-`master` or development branch in the repository.
+All translations are provided by the `crowdin` platform:
+[https://translate.verdaccio.org/](https://translate.verdaccio.org/)
+
+If you want to contribute by adding translations, create an account (GitHub could be used as fast alternative), in the platform you can contribute to two areas, the website or improve User Interface translations.
+
+If a language is not listed, ask for it in the [Discord](https://discord.gg/7qWJxBf) channel #contribute channel.
+
+For adding a new **language** on the UI follow these steps:
+
+1. Ensure the **language** has been enabled, must be visible in the `crowdin` platform.
+2. Find in the explorer the file `en.US.json` in the path `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` and complete the translations, **not need to find approval on this**.
+3. Into the project, add a new field into `packages/plugins/ui-theme/src/i18n/crowdin/ui.json` file, in the section `lng`, the new language, eg: `{ lng: {korean:"Korean"}}`. (This file is English based, once the PR has been merged, this string will be available in crowdin for translate to the targeted language).
+4. Add the language, [flag icon](https://www.npmjs.com/package/country-flag-icons), and the menu key fort he new language eg: `menuKey: 'lng.korean'` to the file `packages/plugins/ui-theme/src/i18n/enabledLanguages.ts`.
+5. For local testing, read `packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md`.
+6. Add a `changeset` file, see more info below.
 
 ## Request Features
 
 New feature requests are welcome. Analyse whether the idea fits within scope of
-the project. Then, detail your request, ensuring context and use case is provided.
+the project. Adding in context and the use-case will really help!
 
 **Please provide:**
 
-* A detailed description the advantages of your request
-* Whether or not it's compatible with `npm` and `yarn`
-* A potential implementation or design
-* Whatever else you have in your mind 🤓
+- A detailed description the advantages of your request
+- Whether or not it's compatible with `npm`, `pnpm` and [_yarn classic_
+  ](https://github.com/yarnpkg/yarn) or [_yarn berry_
+  ](https://github.com/yarnpkg/berry).
+- A potential implementation or design
+- Whatever else is on your mind! 🤓
+
+## Contributing Guidelines
+
+It's very exciting to become a Verdaccio contributor 🙌🏼. To ensure a fast code
+review and merge, please follow the next guidelines:
+
+> Any contribution gives you the right to be part of this organization as
+> _collaborator_.
 
 ### Submitting a Pull Request
 
@@ -114,32 +257,38 @@ information on [rebasing](https://git-scm.com/book/en/v2/Git-Branching-Rebasing)
 
 ### Make Changes and Commit
 
+#### Caveats
+
+Feel free to commit as much times you want in your branch, but keep on mind on
+this repository we `git squash` on merge by default, as we like to maintain a
+clean git history.
+
 #### Before Commit
 
 Before committing, **you must ensure there are no linting errors and
-all tests pass.**
-
-To do this, run all tests (including e2e):
+all tests pass.** To do this, run these commands before create the PR:
 
 ```bash
-yarn test:all
+pnpm lint
+pnpm format
+pnpm build
+pnpm test
 ```
 
-Then, and only then, you can create your pull request.
+> note: eslint and formatting are run separately, keep code formatting
+> before push.
+
+All good? Perfect! You should create the pull request.
 
 #### Commit Guidelines
 
-We follow the [conventional commit messages](https://conventionalcommits.org/)
-convention in order to automate CHANGELOG generation and to automate
-semantic versioning.
-
 For example:
 
-* `feat: A new feature`
-* `fix: A bug fix`
+- `feat: A new feature`
+- `fix: A bug fix`
 
-A commit of the type feat introduces a new feature to the codebase
-(this correlates with MINOR in semantic versioning).
+A commit of the type feat introduces a new feature to the codebase (this
+correlates with MINOR in semantic versioning).
 
 e.g.:
 
@@ -147,39 +296,105 @@ e.g.:
 feat: xxxxxxxxxx
 ```
 
-A commit of the type fix patches a bug in your codebase (this correlates with PATCH in semantic versioning).
+A commit of the type fix patches a bug in your codebase (this correlates with
+PATCH in semantic versioning).
 
 e.g.:
 
 ```
-fix: xxxxxxxxxx
+fix: xxxxxxxxxxx
 ```
 
-Commits types such as as `docs:`,`style:`,`refactor:`,`perf:`,`test:`
-and `chore:` are valid but have no effect on versioning. **It would be great
-if you use them.**
+Commits types such as as `docs:`,`style:`,`refactor:`,`perf:`,`test:` and
+`chore:` are valid but have no effect on versioning: **please use them!**
 
-Use `npm run commitmsg` to check your commit message format.
+All commits message are going to be validated when they are created using
+_husky_ hooks.
+
+> Please try to provide one single commit to help a clean and easy merge process
+
+### Adding a changeset
+
+We use [changesets](https://github.com/atlassian/changesets) in order to
+generate a detailed Changelog as possible.
+
+Adding a changeset with your Pull Request is essential if you want your
+contribution to get merged (unless is a change that does not affect library
+functionality, eg: typo, docs, readme, add additional test or linting code). To
+create a changeset please run:
+
+```
+pnpm changeset
+```
+
+Then select the packages you want to include in your changeset navigating
+through them and press the spacebar to check it, on finish press enter to move
+to the next step.
+
+```
+🦋  Which packages would you like to include? …
+✔ changed packages
+ changed packages
+  ✔ @verdaccio/api
+  ✔ @verdaccio/auth
+  ✔ @verdaccio/cli
+  ✔ @verdaccio/config
+  ✔ @verdaccio/commons-api
+```
+
+The next question would be if you want a _major bump_. This is not the usual
+scenario, most likely you want a patch, and in that case press enter 2 times
+(to skip minor)
+
+```
+🦋  Which packages should have a major bump? …
+✔ all packages
+  ✔ @verdaccio/config@5.0.0-alpha.0
+```
+
+Once you have the desired bump you need, the CLI will ask for a summary. Here
+you have full freedom on what to include:
+
+```
+🦋  Which packages would you like to include? · @verdaccio/config
+🦋  Which packages should have a major bump? · No items were selected
+🦋  Which packages should have a minor bump? · No items were selected
+🦋  The following packages will be patch bumped:
+🦋  @verdaccio/config@5.0.0-alpha.0
+🦋  Please enter a summary for this change (this will be in the changelogs). Submit empty line to open external editor
+🦋  Summary ›
+```
+
+The last step is to confirm your changeset or abort the operation:
+
+```
+🦋  Is this your desired changeset? (Y/n) · true
+🦋  Changeset added! - you can now commit it
+🦋
+🦋  If you want to modify or expand on the changeset summary, you can find it here
+🦋  info /Users/user/verdaccio.clone/.changeset/light-scissors-smell.md
+```
+
+Once the changeset is added (all will have an unique name) you can freely edit
+using markdown, adding additional information, code snippets or whatever else
+you consider to be relevant.
+
+All that information will be part of the **changelog**. Be concise but
+informative! It's recommended to add your nickname and GitHub link to your
+profile.
 
 **PRs that do not follow the commit message guidelines will not be merged.**
 
-## Update Tests
+### Update Tests
 
 **Any change in source code must include test updates**.
 
-If you need help with how testing works, please [refer to the following guide](https://github.com/verdaccio/verdaccio/wiki/Running-and-Debugging-tests).
+If you need help with how testing works, please [refer to the following guide
+](https://github.com/verdaccio/verdaccio/wiki/Running-and-Debugging-tests).
 
 **If you are introducing new features, you MUST include new tests. PRs for
 features without tests will not be merged.**
 
-Things excluded from tests:
-* Documentation
-* Website
-* Build
-* Deployment
-* Assets
-* Flow types
-
 ## Develop Plugins
 
 Plugins are add-ons that extend the functionality of the application.
@@ -187,7 +402,9 @@ Plugins are add-ons that extend the functionality of the application.
 If you want to develop your own plugin:
 
 1. Check whether there is a legacy Sinopia plugin for the feature that you need
-    via [npmjs](https://www.npmjs.com/search?q=sinopia)
-2. Keep in mind the [life-cycle to load a plugin](https://verdaccio.org/docs/en/dev-plugins)
-3. You are free to host your plugin in your repository or ours (just ask)
-4. Provide a detailed description of your plugin to help users understand it
+   via [npmjs](https://www.npmjs.com/search?q=sinopia)
+2. Keep in mind the [life-cycle to load a plugin
+   ](https://verdaccio.org/docs/en/dev-plugins)
+3. You are free to host your plugin in your repository
+4. Provide a detailed description of your plugin to help users understand how to
+   use it

CONTRIBUTORS.md

@@ -0,0 +1,39 @@
+<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
+<!-- markdownlint-disable -->
+<table>
+  <tr>
+    <td align="center"><a href="https://www.linkedin.com/in/jotadeveloper/"><img src="https://avatars0.githubusercontent.com/u/558752?v=4" width="100px;" alt=""/><br /><sub><b>Juan Picado</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=juanpicado" title="Documentation">📖</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=juanpicado" title="Code">💻</a> <a href="#infra-juanpicado" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#eventOrganizing-juanpicado" title="Event Organizing">📋</a> <a href="#blog-juanpicado" title="Blogposts">📝</a> <a href="#maintenance-juanpicado" title="Maintenance">🚧</a></td>
+    <td align="center"><a href="https://github.com/sergiohgz"><img src="https://avatars3.githubusercontent.com/u/14012309?v=4" width="100px;" alt=""/><br /><sub><b>Sergio Herrera</b></sub></a><br /><a href="#infra-sergiohgz" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#maintenance-sergiohgz" title="Maintenance">🚧</a></td>
+    <td align="center"><a href="https://daniel-ruf.de/"><img src="https://avatars1.githubusercontent.com/u/827205?v=4" width="100px;" alt=""/><br /><sub><b>Daniel Ruf</b></sub></a><br /><a href="#security-DanielRuf" title="Security">🛡️</a> <a href="#infra-DanielRuf" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#maintenance-DanielRuf" title="Maintenance">🚧</a></td>
+    <td align="center"><a href="https://priscilawebdev.github.io/priscilaoliveira/"><img src="https://avatars1.githubusercontent.com/u/29228205?v=4" width="100px;" alt=""/><br /><sub><b>Priscila Oliveira</b></sub></a><br /><a href="#design-priscilawebdev" title="Design">🎨</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=priscilawebdev" title="Code">💻</a> <a href="#maintenance-priscilawebdev" title="Maintenance">🚧</a></td>
+    <td align="center"><a href="http://ayusharma.github.io/"><img src="https://avatars0.githubusercontent.com/u/6918450?v=4" width="100px;" alt=""/><br /><sub><b>Ayush Sharma</b></sub></a><br /><a href="#infra-ayusharma" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=ayusharma" title="Code">💻</a> <a href="#design-ayusharma" title="Design">🎨</a></td>
+    <td align="center"><a href="https://github.com/trentearl"><img src="https://avatars2.githubusercontent.com/u/802857?v=4" width="100px;" alt=""/><br /><sub><b>Trent Earl</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=trentearl" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/jmwilkinson"><img src="https://avatars0.githubusercontent.com/u/17836030?v=4" width="100px;" alt=""/><br /><sub><b>jmwilkinson</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=jmwilkinson" title="Code">💻</a></td>
+  </tr>
+  <tr>
+    <td align="center"><a href="https://github.com/bufferoverflow"><img src="https://avatars2.githubusercontent.com/u/378909?v=4" width="100px;" alt=""/><br /><sub><b>Roger Meier</b></sub></a><br /><a href="#plugin-bufferoverflow" title="Plugin/utility libraries">🔌</a></td>
+    <td align="center"><a href="https://ghuser.io/jamesgeorge007"><img src="https://avatars2.githubusercontent.com/u/25279263?v=4" width="100px;" alt=""/><br /><sub><b>James George</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=jamesgeorge007" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/AvailCat"><img src="https://avatars3.githubusercontent.com/u/19658647?v=4" width="100px;" alt=""/><br /><sub><b>AvailCat</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=AvailCat" title="Code">💻</a> <a href="#infra-AvailCat" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#maintenance-AvailCat" title="Maintenance">🚧</a></td>
+    <td align="center"><a href="https://www.luciusgaitan.com/"><img src="https://avatars0.githubusercontent.com/u/5970350?v=4" width="100px;" alt=""/><br /><sub><b>Lucius Gaitán</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=lgaitan" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/ramonornela"><img src="https://avatars1.githubusercontent.com/u/187946?v=4" width="100px;" alt=""/><br /><sub><b>Ramon Henrique Ornelas</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=ramonornela" title="Code">💻</a></td>
+    <td align="center"><a href="https://people.freebsd.org/~mi/resume/"><img src="https://avatars1.githubusercontent.com/u/1486340?v=4" width="100px;" alt=""/><br /><sub><b>UnitedMarsupials-zz</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=UnitedMarsupials-zz" title="Code">💻</a></td>
+    <td align="center"><a href="http://www.codingintrigue.co.uk/"><img src="https://avatars0.githubusercontent.com/u/9048902?v=4" width="100px;" alt=""/><br /><sub><b>Ryan Graham</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=ryan-codingintrigue" title="Code">💻</a></td>
+  </tr>
+  <tr>
+    <td align="center"><a href="https://github.com/coolsp"><img src="https://avatars1.githubusercontent.com/u/1246647?v=4" width="100px;" alt=""/><br /><sub><b>coolsp</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=coolsp" title="Code">💻</a></td>
+    <td align="center"><a href="http://ashishsurana.in/"><img src="https://avatars0.githubusercontent.com/u/5610944?v=4" width="100px;" alt=""/><br /><sub><b>Ashish Surana</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=ashishsurana" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/buffaybu"><img src="https://avatars3.githubusercontent.com/u/2025661?v=4" width="100px;" alt=""/><br /><sub><b>Wang Yifei</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=buffaybu" title="Code">💻</a></td>
+    <td align="center"><a href="https://twitter.com/liran_tal"><img src="https://avatars1.githubusercontent.com/u/316371?v=4" width="100px;" alt=""/><br /><sub><b>Liran Tal</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=lirantal" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/brenordr"><img src="https://avatars2.githubusercontent.com/u/19731692?v=4" width="100px;" alt=""/><br /><sub><b>Breno Rodrigues</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=brenordr" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/jachstet-sea"><img src="https://avatars0.githubusercontent.com/u/7993508?v=4" width="100px;" alt=""/><br /><sub><b>jachstet-sea</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=jachstet-sea" title="Code">💻</a></td>
+    <td align="center"><a href="https://patrik.votocek.cz/"><img src="https://avatars1.githubusercontent.com/u/112567?v=4" width="100px;" alt=""/><br /><sub><b>Patrik Votoček</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=Vrtak-CZ" title="Code">💻</a></td>
+  </tr>
+  <tr>
+    <td align="center"><a href="https://github.com/monkeywithacupcake"><img src="https://avatars3.githubusercontent.com/u/7316730?v=4" width="100px;" alt=""/><br /><sub><b>jess</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=monkeywithacupcake" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/toolsofraj"><img src="https://avatars0.githubusercontent.com/u/2507152?v=4" width="100px;" alt=""/><br /><sub><b>toolsofraj</b></sub></a><br /><a href="https://github.com/verdaccio/verdaccio/commits?author=toolsofraj" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/ddhp"><img src="https://avatars1.githubusercontent.com/u/1715380?v=4" width="100px;" alt=""/><br /><sub><b>Jian-Chen Chen (jesse)</b></sub></a><br /><a href="#translation-ddhp" title="Translation">🌍</a> <a href="https://github.com/verdaccio/verdaccio/commits?author=ddhp" title="Code">💻</a></td>
+  </tr>
+</table>
+
+<!-- markdownlint-enable -->
+<!-- ALL-CONTRIBUTORS-LIST:END -->

Dockerfile

@@ -1,7 +1,7 @@
-FROM node:10.15.3-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} node:14.18.1-alpine as builder
 
-ENV NODE_ENV=production \
-    VERDACCIO_BUILD_REGISTRY=https://registry.npmjs.org
+ENV NODE_ENV=development \
+    VERDACCIO_BUILD_REGISTRY=https://registry.verdaccio.org
 
 RUN apk --no-cache add openssl ca-certificates wget && \
     apk --no-cache add g++ gcc libgcc libstdc++ linux-headers make python && \
@@ -12,16 +12,14 @@ RUN apk --no-cache add openssl ca-certificates wget && \
 WORKDIR /opt/verdaccio-build
 COPY . .
 
-RUN yarn config set registry $VERDACCIO_BUILD_REGISTRY && \
-    yarn install --production=false --no-lockfile && \
-    yarn lint && \
-    yarn code:docker-build && \
-    yarn cache clean && \
-    yarn install --production=true --no-lockfile
+RUN npm -g i pnpm@6.10.3 && \
+    pnpm config set registry $VERDACCIO_BUILD_REGISTRY && \
+    pnpm recursive install --frozen-lockfile --ignore-scripts && \
+    pnpm run build
+# FIXME: need to remove devDependencies from the build
+# RUN pnpm install --prod --ignore-scripts
 
-
-
-FROM node:10.15.3-alpine
+FROM node:14.18.1-alpine
 LABEL maintainer="https://github.com/verdaccio/verdaccio"
 
 ENV VERDACCIO_APPDIR=/opt/verdaccio \
@@ -40,10 +38,11 @@ RUN mkdir -p /verdaccio/storage /verdaccio/plugins /verdaccio/conf
 
 COPY --from=builder /opt/verdaccio-build .
 
-ADD conf/docker.yaml /verdaccio/conf/config.yaml
+RUN ls packages/config/src/conf
+ADD packages/config/src/conf/docker.yaml /verdaccio/conf/config.yaml
 
 RUN adduser -u $VERDACCIO_USER_UID -S -D -h $VERDACCIO_APPDIR -g "$VERDACCIO_USER_NAME user" -s /sbin/nologin $VERDACCIO_USER_NAME && \
-    chmod -R +x $VERDACCIO_APPDIR/bin $VERDACCIO_APPDIR/docker-bin && \
+    chmod -R +x $VERDACCIO_APPDIR/packages/verdaccio/bin $VERDACCIO_APPDIR/docker-bin && \
     chown -R $VERDACCIO_USER_UID:root /verdaccio/storage && \
     chmod -R g=u /verdaccio/storage /etc/passwd
 
@@ -55,4 +54,4 @@ VOLUME /verdaccio/storage
 
 ENTRYPOINT ["uid_entrypoint"]
 
-CMD $VERDACCIO_APPDIR/bin/verdaccio --config /verdaccio/conf/config.yaml --listen $VERDACCIO_PROTOCOL://0.0.0.0:$VERDACCIO_PORT
+CMD $VERDACCIO_APPDIR/packages/verdaccio/bin/verdaccio --config /verdaccio/conf/config.yaml --listen $VERDACCIO_PROTOCOL://0.0.0.0:$VERDACCIO_PORT

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018 Verdaccio community
+Copyright (c) 2021 Verdaccio contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -2,7 +2,9 @@
 
 ![verdaccio gif](https://cdn.verdaccio.dev/readme/readme-website.png)
 
-# Version 4
+# Version 6 (Development branch)
+
+> Looking for Verdaccio 5? Check branch `5.x`.
 
 [Verdaccio](https://verdaccio.org/) is a simple, **zero-config-required local private npm registry**.
 No need for an entire database just to get started! Verdaccio comes out of the box with
@@ -12,33 +14,41 @@ For those looking to extend their storage capabilities, Verdaccio
 **supports various community-made plugins to hook into services such as Amazon's s3,
 Google Cloud Storage** or create your own plugin.
 
-
 [![verdaccio (latest)](https://img.shields.io/npm/v/verdaccio/latest.svg)](https://www.npmjs.com/package/verdaccio)
-[![verdaccio (downloads)](http://img.shields.io/npm/dy/verdaccio.svg)](https://www.npmjs.com/package/verdaccio)
+[![verdaccio (downloads)](https://img.shields.io/npm/dy/verdaccio.svg)](https://www.npmjs.com/package/verdaccio)
 [![docker pulls](https://img.shields.io/docker/pulls/verdaccio/verdaccio.svg?maxAge=43200)](https://verdaccio.org/docs/en/docker.html)
 [![backers](https://opencollective.com/verdaccio/tiers/backer/badge.svg?label=Backer&color=brightgreen)](https://opencollective.com/verdaccio)
 [![stackshare](https://img.shields.io/badge/Follow%20on-StackShare-blue.svg?logo=stackshare&style=flat)](https://stackshare.io/verdaccio)
 
-![circle ci status](https://circleci.com/gh/verdaccio/verdaccio.svg?style=shield&circle-token=:circle-token)
-[![codecov](https://img.shields.io/codecov/c/github/verdaccio/verdaccio/master.svg)](https://codecov.io/gh/verdaccio/verdaccio)
 [![discord](https://img.shields.io/discord/388674437219745793.svg)](http://chat.verdaccio.org/)
-[![node](https://img.shields.io/node/v/verdaccio/latest.svg)](https://www.npmjs.com/package/verdaccio)
-![MIT](https://img.shields.io/github/license/mashape/apistatus.svg)
+[![MIT](https://img.shields.io/github/license/mashape/apistatus.svg)](https://github.com/verdaccio/verdaccio/blob/master/LICENSE)
 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/verdaccio/localized.svg)](https://crowdin.com/project/verdaccio)
 
-
 [![Twitter followers](https://img.shields.io/twitter/follow/verdaccio_npm.svg?style=social&label=Follow)](https://twitter.com/verdaccio_npm)
 [![Github](https://img.shields.io/github/stars/verdaccio/verdaccio.svg?style=social&label=Stars)](https://github.com/verdaccio/verdaccio/stargazers)
 
-
 ## Install
 
+> Latest Node.js v14
+
 Install with npm:
 
 ```bash
-npm install --global verdaccio
+npm install --global verdaccio@6-next
 ```
 
+or
+
+```bash
+docker pull verdaccio/verdaccio:nightly-master
+```
+
+## Donations
+
+Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider making a donation - **your logo might end up in this readme.** 😉
+
+**[Donate](https://github.com/sponsors/verdaccio)** 💵👍🏻 starting from _$1/month_ or just one single contribution.
+
 ## What does Verdaccio do for me?
 
 ### Use private packages
@@ -47,23 +57,37 @@ If you want to use all benefits of npm package system in your company without se
 
 ### Cache npmjs.org registry
 
-   If you have more than one server you want to install packages on, you might want to use this to decrease latency
-   (presumably "slow" npmjs.org will be connected to only once per package/version) and provide limited failover (if npmjs.org is down, we might still find something useful in the cache) or avoid issues like *[How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript](https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/)*, *[Many packages suddenly disappeared](https://github.com/npm/registry-issue-archive/issues/255)* or *[Registry returns 404 for a package I have installed before](https://github.com/npm/registry-issue-archive/issues/329)*.
+If you have more than one server you want to install packages on, you might want to use this to decrease latency
+(presumably "slow" npmjs.org will be connected to only once per package/version) and provide limited failover (if npmjs.org is down, we might still find something useful in the cache) or avoid issues like _[How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript](https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/)_, _[Many packages suddenly disappeared](https://github.com/npm/registry-issue-archive/issues/255)_ or _[Registry returns 404 for a package I have installed before](https://github.com/npm/registry-issue-archive/issues/329)_.
 
 ### Link multiple registries
 
 If you use multiples registries in your organization and need to fetch packages from multiple sources in one single project you might take advance of the uplinks feature with Verdaccio, chaining multiple registries and fetching from one single endpoint.
 
-
 ### Override public packages
 
-If you want to use a modified version of some 3rd-party package (for example, you found a bug, but maintainer didn't accept pull request yet), you can publish your version locally under the same name. See in detail each of these [use cases](https://github.com/verdaccio/verdaccio/tree/master/docs/use-cases.md).
+If you want to use a modified version of some 3rd-party package (for example, you found a bug, but maintainer didn't accept pull request yet), you can publish your version locally under the same name. See in detail [here](https://verdaccio.org/docs/en/best#override-public-packages).
 
 ### E2E Testing
 
 Verdaccio has proved to be a lightweight registry that can be
 booted in a couple of seconds, fast enough for any CI. Many open source projects use verdaccio for end to end testing, to mention some examples, **create-react-app**, **mozilla neutrino**, **pnpm**, **storybook**, **alfresco** or **eclipse theia**. You can read more in dedicated article to E2E in our blog.
 
+## Talks
+
+### **Testing the integrity of your React components by publishing in a private registry - React Finland 2021**.
+
+[![beerjscrb](https://cdn.verdaccio.dev/readme/react-finland-2021-jpicado.jpeg)](https://www.youtube.com/watch?v=bRKZbrlQqLY&t=16s&ab_channel=ReactFinland)
+
+You might want to check out as well our previous talks:
+
+- [BeerJS Cba Meetup No. 53 May 2021 - **Juan Picado**](https://www.youtube.com/watch?v=6SyjqBmS49Y&ab_channel=BeerJSCba)
+- [Node.js Dependency Confusion Attacks - April 2021 - **Juan Picado\***](https://www.youtube.com/watch?v=qTRADSp3Hpo)
+- [**OpenJS World 2020** about \*Cover your Projects with a Multi purpose Lightweight Node.js Registry - **Juan Picado\***](https://www.youtube.com/watch?v=oVCjDWeehAQ)
+- [ViennaJS Meetup - Introduction to Verdaccio by **Priscila Olivera** and **Juan Picado**](https://www.youtube.com/watch?v=hDIFKzmoCa)
+- [Open Source? trivago - Verdaccio (**Ayush** and **Juan Picado**) January 2020](https://www.youtube.com/watch?v=A5CWxJC9xzc)
+- [GitNation Open Source Stage - How we have built a Node.js Registry with React - **Juan Picado** December 2019](https://www.youtube.com/watch?v=gpjC8Qp9B9A)
+- [Verdaccio - A lightweight Private Proxy Registry built in Node.js | **Juan Picado** at The Destro Dev Show](https://www.youtube.com/watch?reload=9&v=P_hxy7W-IL4&ab_channel=TheDestroDevShow)
 
 ## Get Started
 
@@ -79,13 +103,19 @@ You would need set some npm configuration, this is optional.
 $ npm set registry http://localhost:4873/
 ```
 
+For one-off commands or to avoid setting the registry globally:
+
+```bash
+NPM_CONFIG_REGISTRY=http://localhost:4873 npm i
+```
+
 Now you can navigate to [http://localhost:4873/](http://localhost:4873/) where your local packages will be listed and can be searched.
 
 > Warning: Verdaccio [does not currently support PM2's cluster mode](https://github.com/verdaccio/verdaccio/issues/1301#issuecomment-489302298), running it with cluster mode may cause unknown behavior.
 
 ## Publishing
 
-#### 1. create an user and log in
+#### 1. create a user and log in
 
 ```bash
 npm adduser --registry http://localhost:4873
@@ -105,23 +135,17 @@ npm publish --registry http://localhost:4873
 
 This will prompt you for user credentials which will be saved on the `verdaccio` server.
 
-
 ## Docker
 
-Below are the most commonly needed informations,
+Below are the most commonly needed information,
 every aspect of Docker and verdaccio is [documented separately](https://www.verdaccio.org/docs/en/docker.html)
 
-
 ```
-docker pull verdaccio/verdaccio
+docker pull verdaccio/verdaccio:nightly-master
 ```
 
 Available as [tags](https://hub.docker.com/r/verdaccio/verdaccio/tags/).
 
-```
-docker pull verdaccio/verdaccio:4
-```
-
 ### Running verdaccio using Docker
 
 To run the docker container:
@@ -145,14 +169,14 @@ Verdaccio aims to support all features of a standard npm client that make sense
 
 - Unpublishing packages (npm unpublish) - **supported**
 - Tagging (npm tag) - **supported**
-- Deprecation (npm deprecate) - not supported - *PR-welcome*
+- Deprecation (npm deprecate) - **supported**
 
 ### User management
 
 - Registering new users (npm adduser {newuser}) - **supported**
-- Change password (npm profile set password)  - **supported**
-- Transferring ownership (npm owner add {user} {pkg}) - not supported, *PR-welcome*
-- Token (npm token) - wip [#1271](https://github.com/verdaccio/verdaccio/pull/1271)
+- Change password (npm profile set password) - **supported**
+- Transferring ownership (npm owner add {user} {pkg}) - not supported, _PR-welcome_
+- Token (npm token) - **supported**
 
 ### Miscellany
 
@@ -168,37 +192,51 @@ Verdaccio aims to support all features of a standard npm client that make sense
 
 If you want to report a security vulnerability, please follow the steps which we have defined for you in our [security policy](https://github.com/verdaccio/verdaccio/security/policy).
 
-## Core Team
+## Special Thanks
 
-The core team is responsible for driving this project ahead, team is ordered by antiquity and areas of responsibility.
+Thanks to the following companies to help us to achieve our goals providing free open source licenses. Every company provides enough resources to move this project forward.
 
-|  [Juan Picado](https://github.com/juanpicado) |  [Ayush Sharma](https://github.com/ayusharma)  | [Sergio Hg](https://github.com/sergiohgz)  |  [Priscila Oliveria](https://github.com/priscilawebdev) | 
-|---|---|---|---|
-| ![jotadeveloper](https://avatars3.githubusercontent.com/u/558752?s=120&v=4)   | ![ayusharma](https://avatars2.githubusercontent.com/u/6918450?s=120&v=4)     | ![sergiohgz](https://avatars2.githubusercontent.com/u/14012309?s=120&v=4)       | ![priscilawebdev](https://avatars2.githubusercontent.com/u/29228205?s=120&v=4) | 
-| [@jotadeveloper](https://twitter.com/jotadeveloper)  | [@ayusharma_](https://twitter.com/ayusharma_) | [@sergiohgz](https://twitter.com/sergiohgz)  | [@priscilawebdev](https://twitter.com/priscilawebdev) |
-| All areas  |  All areas | Docker,Builds,Stack |  UI, Stack  | 
+| Company      | Logo                                                                                                                            | License                                                                           |
+| ------------ | ------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------- |
+| JetBrains    | [![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)                                                     | JetBrains provides licenses for products for active maintainers, renewable yearly |
+| Crowdin      | [![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)                                                              | Crowdin provides platform for translations                                        |
+| BrowserStack | [![browserstack](https://cdn.verdaccio.dev/readme/browserstack_logo.png)](https://www.browserstack.com/)                        | BrowserStack provides plan to run End to End testing for the UI                   |
+| Netlify      | [![netlify](https://www.netlify.com/img/global/badges/netlify-color-accent.svg)](https://www.netlify.com/)                      | Netlify provides pro plan for website deployment                                  |
+| Algolia      | [![algolia](https://cdn.verdaccio.dev/sponsor/logo/algolia/logo.png)](https://algolia.com/)                                     | Algolia provides search services for the website                                  |
+| Docker       | [![docker](https://cdn.verdaccio.dev/sponsor/logo/docker/docker.png)](https://www.docker.com/community/open-source/application) | Docker offers unlimited pulls and unlimited egress to any and all users           |
 
-You can find and chat with then over Discord, click [here](http://chat.verdaccio.org) or follow them at *Twitter*.
+## Maintainers
+
+| [Juan Picado](https://github.com/juanpicado)                                   | [Ayush Sharma](https://github.com/ayusharma)                             | [Sergio Hg](https://github.com/sergiohgz)                                 |
+| ------------------------------------------------------------------------------ | ------------------------------------------------------------------------ | ------------------------------------------------------------------------- |
+| ![jotadeveloper](https://avatars3.githubusercontent.com/u/558752?s=120&v=4)    | ![ayusharma](https://avatars2.githubusercontent.com/u/6918450?s=120&v=4) | ![sergiohgz](https://avatars2.githubusercontent.com/u/14012309?s=120&v=4) |
+| [@jotadeveloper](https://twitter.com/jotadeveloper)                            | [@ayusharma\_](https://twitter.com/ayusharma_)                           | [@sergiohgz](https://twitter.com/sergiohgz)                               |
+| [Priscila Oliveria](https://github.com/priscilawebdev)                         | [Daniel Ruf](https://github.com/DanielRuf)                               |
+| ![priscilawebdev](https://avatars2.githubusercontent.com/u/29228205?s=120&v=4) | ![DanielRuf](https://avatars3.githubusercontent.com/u/827205?s=120&v=4)  |
+| [@priscilawebdev](https://twitter.com/priscilawebdev)                          | [@DanielRufde](https://twitter.com/DanielRufde)                          |
+
+You can find and chat with then over Discord, click [here](http://chat.verdaccio.org) or follow them at _Twitter_.
 
 ## Who is using Verdaccio?
 
-* [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#contributing-to-e2e-end-to-end-tests) *(+67k ⭐️)*
-* [Storybook](https://github.com/storybooks/storybook) *(+37k ⭐️)*
-* [Gatsby](https://github.com/gatsbyjs/gatsby) *(+34k ⭐️)* 
-* [Angular CLI](https://github.com/angular/angular-cli) *(+21k ⭐️)* 
-* [Uppy](https://github.com/transloadit/uppy) *(+19k ⭐️)*
-* [Aurelia Framework](https://github.com/aurelia) *(+11k ⭐️)*
-* [bit](https://github.com/teambit/bit) *(+6k ⭐️)*
-* [pnpm](https://github.com/pnpm/pnpm) *(+5k ⭐️)*
-* [Mozilla Neutrino](https://github.com/neutrinojs/neutrino) *(+3k ⭐️)*
-* [Hyperledger Composer](https://github.com/hyperledger/composer) *(+1.6k ⭐️)*
-* [webiny-js](https://github.com/Webiny/webiny-js) *(+1k ⭐️)*
+- [create-react-app](https://github.com/facebook/create-react-app/blob/master/CONTRIBUTING.md#customizing-e2e-registry-configuration) _(+86.2k ⭐️)_
+- [Gatsby](https://github.com/gatsbyjs/gatsby) _(+49.2k ⭐️)_
+- [Babel.js](https://github.com/babel/babel) _(+38.5k ⭐️)_
+- [Vue CLI](https://github.com/vuejs/vue-cli) _(+27.4k ⭐️)_
+- [Angular CLI](https://github.com/angular/angular-cli) _(+24.3k ⭐️)_
+- [Uppy](https://github.com/transloadit/uppy) _(+23.8k ⭐️)_
+- [bit](https://github.com/teambit/bit) _(+13k ⭐️)_
+- [Aurelia Framework](https://github.com/aurelia/framework) _(+11.6k ⭐️)_
+- [pnpm](https://github.com/pnpm/pnpm) _(+10.1k ⭐️)_
+- [ethereum/web3.js](https://github.com/ethereum/web3.js) _(+9.8k ⭐️)_
+- [NX](https://github.com/nrwl/nx) _(+6.1k ⭐️)_
+- [webiny-js](https://github.com/webiny/webiny-js) _(+4.3k ⭐️)_
+- [Mozilla Neutrino](https://github.com/neutrinojs/neutrino) _(+3.7k ⭐️)_
+- [workshopper how to npm](https://github.com/workshopper/how-to-npm) _(+1k ⭐️)_
+- [Amazon SDK v3](https://github.com/aws/aws-sdk-js-v3)
+- [Amazon Encryption SDK for Javascript](https://github.com/aws/aws-encryption-sdk-javascript)
 
-🤓 Don't be shy, you also can be in [the list](https://github.com/verdaccio/website/blob/master/docs/who-is-using.md). 
-
-## Sponsorship
-
-If you are a *company/project* and you 😍 Verdaccio and FOSS, your **logo can be here** 😉 if you support our activities. [Donate](https://opencollective.com/verdaccio).
+🤓 Don't be shy, you also can be in [the list](https://github.com/verdaccio/website/blob/master/docs/who-is-using.md).
 
 ## Open Collective Sponsors
 
@@ -221,37 +259,28 @@ Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com
 
 [![backers](https://opencollective.com/verdaccio/backers.svg?width=890)](https://opencollective.com/verdaccio#backers)
 
-## Special Thanks
-
-Thanks to the following companies to help us to achieve our goals providing free open source licenses.
-
-[![jetbrain](assets/thanks/jetbrains/logo.png)](https://www.jetbrains.com/)
-[![crowdin](assets/thanks/crowdin/logo.png)](https://crowdin.com/)
-[![balsamiq](assets/thanks/balsamiq/logo.jpg)](https://balsamiq.com/)
-
 ## Contributors
 
 This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
 
-[![contrubitors](https://opencollective.com/verdaccio/contributors.svg?width=890&button=true)](../../graphs/contributors)
+[![contributors](https://opencollective.com/verdaccio/contributors.svg?width=890&button=true)](../../graphs/contributors)
 
 ### FAQ / Contact / Troubleshoot
 
 If you have any issue you can try the following options, do no desist to ask or check our issues database, perhaps someone has asked already what you are looking for.
 
-* [Blog](https://verdaccio.org/blog/)
-* [Donations](https://opencollective.com/verdaccio)
-* [Reporting an issue](https://github.com/verdaccio/verdaccio/blob/master/CONTRIBUTING.md#reporting-a-bug)
-* [Running discussions](https://github.com/verdaccio/verdaccio/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss)
-* [Chat](http://chat.verdaccio.org/)
-* [Logos](https://verdaccio.org/docs/en/logo)
-* [Docker Examples](https://github.com/verdaccio/docker-examples)
-* [FAQ](https://github.com/verdaccio/verdaccio/issues?utf8=%E2%9C%93&q=is%3Aissue%20label%3Aquestion%20)
-
+- [Blog](https://verdaccio.org/blog/)
+- [Donations](https://github.com/sponsors/verdaccio)
+- [Reporting an issue](https://github.com/verdaccio/verdaccio/issues/new/choose)
+- [Running discussions](https://github.com/verdaccio/verdaccio/issues?q=is%3Aissue+is%3Aopen+label%3Adiscuss)
+- [Chat](https://discord.gg/7qWJxBf)
+- [Logos](https://verdaccio.org/docs/en/logo)
+- [Docker Examples](https://github.com/verdaccio/verdaccio/tree/master/docker-examples)
+- [FAQ](https://github.com/verdaccio/verdaccio/discussions/categories/q-a)
 
 ### License
 
 Verdaccio is [MIT licensed](https://github.com/verdaccio/verdaccio/blob/master/LICENSE)
 
-The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch)  files within the /assets folder) is
- [Creative Commons licensed](https://github.com/verdaccio/verdaccio/blob/master/LICENSE-docs).
+The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch) files within the /assets folder) is
+[Creative Commons licensed](https://creativecommons.org/licenses/by/4.0/).

SECURITY.md

@@ -4,11 +4,13 @@
 
 The following table describes the versions of this project that are currently supported with security updates:
 
-| Version | Supported          |
-| ------- | ------------------ |
-| 2.x   | :x:                  |
-| 3.x   | :white_check_mark:   |
-| 4.x   | :white_check_mark:   |
+| Version   | Supported          |
+| --------- | ------------------ |
+| 2.x       | :x:                |
+| 3.x       | :x:                |
+| 4.x       | :x:                |
+| 5.x       | :white_check_mark: |
+| 6.x alpha | :x:                |
 
 ## Responsible disclosure security policy
 
@@ -20,15 +22,17 @@ We kindly ask you to refrain from malicious acts that put our users, the project
 
 ## Reporting a security issue
 
+> Please do not use the provided email address to report issues which are not related to security vulnerabilities
+
 At Verdaccio, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.
 
 If you discover a security vulnerability, please use one of the following means of communications to report it to us:
 
-* Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
+- Report the security issue to the Node.js Security WG through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with all involved parties to remediate and release a fix.
 
 Note that time-frame and processes are subject to each program’s own policy.
 
-* Report the security issue to the project maintainers directly at verdaccio@pm.me. If the report contains highly sensitive information, please be advised to encrypt your findings using our [PGP key](https://verdaccio.nyc3.digitaloceanspaces.com/gpg/publickey.verdaccio@pm.me.asc) which is also available in this document.
+- Report the security issue to the project maintainers directly at verdaccio@pm.me. If the report contains highly sensitive information, please be advised to encrypt your findings using our [PGP key](https://cdn.verdaccio.dev/gpg/publickey.verdaccio@pm.me.asc) which is also available in this document.
 
 Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.
 

bin/verdaccio

@@ -1,3 +0,0 @@
-#!/usr/bin/env node
-
-require('../build/lib/cli');

codecov.yml

@@ -0,0 +1,29 @@
+codecov:
+  require_ci_to_pass: yes
+
+coverage:
+  precision: 2
+  round: down
+  range: '80...85'
+
+  status:
+    project:
+      default:
+        target: auto
+        threshold: 1%
+        base: auto
+    patch: no
+    changes: no
+
+parsers:
+  gcov:
+    branch_detection:
+      conditional: yes
+      loop: yes
+      method: no
+      macro: no
+
+comment:
+  layout: 'diff,flags,tree'
+  behavior: default
+  require_changes: no

conf/README.md

@@ -1,9 +0,0 @@
-## Looking 👀 for Documentation?
-
-This directory host the default configuration file, but you can find more here:
-
-* [https://verdaccio.org/docs/en/installation](https://verdaccio.org/docs/en/installation)
-* [Chat with us](http://chat.verdaccio.org) <- You need a Discord account
-* [Follou us on Twitter](https://twitter.com/verdaccio_npm)
-
-Enjoy Verdaccio !