feat: migrateToSecureLegacySignature 6.x (#4643)

* migrate to forceMigrateToSecureLegacySignature

update dependencies

* Update ci.yml

* Update ci.yml

* format

* improve ci

.github/workflows/ci.yml

@@ -2,6 +2,12 @@ name: CI
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true  
+
 jobs:
   ci:
     name: Node ${{ matrix.node_version }}
@@ -10,7 +16,7 @@ jobs:
       fail-fast: false
       matrix:
         # only suported versions defined at https://nodejs.org/en/about/previous-releases
-        node_version: [18, 20, 21]
+        node_version: [18, 20, 21, 22]
 
     runs-on: ubuntu-latest
 

.github/workflows/e2e-angular-cli-workflow.yml

@@ -5,43 +5,6 @@ on:
 
 name: 'E2E Angular CLI with verdaccio'
 jobs:
-  npm7:
-    name: 'npm7:angular example'
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
-
-      - name: 'Use Node.js'
-        uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
-        with:
-          node-version-file: '.nvmrc'
-      - name: 'install latest npm'
-        run: npm i -g npm@next-7
-      - name: Install Dependencies
-        run: yarn install
-      - name: 'Run verdaccio in the background'
-        run: |
-          nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
-      - name: 'Ping to verdaccio'
-        run: |
-          npm ping --registry http://localhost:4873
-      - name: 'Running the integration test'
-        run: |
-          source scripts/e2e-setup-ci.sh
-          echo "registry=http://localhost:4873" > ~/.npmrc
-          npm config set loglevel="silent"
-          npm config set fetch-retries="5"
-          npm config set fetch-retry-factor="50"
-          npm config set fetch-retry-mintimeout="20000"
-          npm config set fetch-retry-maxtimeout="80000"
-          npm install -g @angular/cli
-          ng new verdaccio-angular --interactive=false
-
-          cd verdaccio-angular
-          npm install @angular-devkit/core@next @babel/preset-env @babel/core -D
-
-          npm run ng build --aot
   npm8:
     name: 'npm8:angular example'
     runs-on: ubuntu-latest

.github/workflows/e2e-jest-workflow.yml

@@ -202,8 +202,8 @@ jobs:
           yarn add left-pad --registry http://localhost:4873 --verbose
           echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
           yarn jest module.test.js
-  pnpm7:
-    name: 'pnpm:7:jest example'
+  pnpm9:
+    name: 'pnpm:9:jest example'
     runs-on: ubuntu-latest
 
     steps:
@@ -214,7 +214,7 @@ jobs:
         with:
           node-version-file: '.nvmrc'
       - name: 'install latest pnpm'
-        run: npm i -g pnpm@latest-7
+        run: npm i -g pnpm@latest-9
       - name: Install Dependencies
         run: yarn install
       - name: 'Run verdaccio in the background'

package.json

@@ -19,22 +19,22 @@
     "url": "https://opencollective.com/verdaccio"
   },
   "dependencies": {
-    "@verdaccio/auth": "7.0.0-next-7.13",
-    "@verdaccio/config": "7.0.0-next-7.13",
-    "@verdaccio/core": "7.0.0-next-7.13",
-    "@verdaccio/hooks": "7.0.0-next-7.13",
-    "@verdaccio/loaders": "7.0.0-next-7.13",
+    "@verdaccio/auth": "7.0.0-next-7.15",
+    "@verdaccio/config": "7.0.0-next-7.15",
+    "@verdaccio/core": "7.0.0-next-7.15",
+    "@verdaccio/hooks": "7.0.0-next-7.15",
+    "@verdaccio/loaders": "7.0.0-next-7.15",
     "@verdaccio/local-storage": "10.3.4",
-    "@verdaccio/logger": "7.0.0-next-7.13",
-    "@verdaccio/middleware": "7.0.0-next-7.13",
-    "@verdaccio/proxy": "7.0.0-next-7.13",
-    "@verdaccio/search": "7.0.0-next-7.2",
-    "@verdaccio/signature": "7.0.0-next.3",
+    "@verdaccio/logger": "7.0.0-next-7.15",
+    "@verdaccio/middleware": "7.0.0-next-7.15",
+    "@verdaccio/proxy": "7.0.0-next-7.15",
+    "@verdaccio/search": "7.0.0-next-7.4",
+    "@verdaccio/signature": "7.0.0-next-7.5",
     "@verdaccio/streams": "10.2.1",
-    "@verdaccio/tarball": "12.0.0-next-7.13",
-    "@verdaccio/ui-theme": "7.0.0-next-7.13",
-    "@verdaccio/url": "12.0.0-next-7.13",
-    "@verdaccio/utils": "7.0.0-next-7.13",
+    "@verdaccio/tarball": "12.0.0-next-7.15",
+    "@verdaccio/ui-theme": "3.4.1",
+    "@verdaccio/url": "12.0.0-next-7.15",
+    "@verdaccio/utils": "7.0.0-next-7.15",
     "async": "3.2.5",
     "clipanion": "3.2.1",
     "compression": "1.7.4",
@@ -53,32 +53,32 @@
     "mkdirp": "1.0.4",
     "mv": "2.1.1",
     "pkginfo": "0.4.1",
-    "semver": "7.6.0",
-    "validator": "13.11.0",
-    "verdaccio-audit": "12.0.0-next-7.13",
-    "verdaccio-htpasswd": "12.0.0-next-7.13"
+    "semver": "7.6.2",
+    "validator": "13.12.0",
+    "verdaccio-audit": "12.0.0-next-7.15",
+    "verdaccio-htpasswd": "12.0.0-next-7.15"
   },
   "devDependencies": {
-    "@babel/cli": "7.23.4",
-    "@babel/core": "7.23.7",
-    "@babel/eslint-parser": "7.23.3",
-    "@babel/node": "7.22.19",
+    "@babel/cli": "7.24.5",
+    "@babel/core": "7.24.5",
+    "@babel/eslint-parser": "7.24.5",
+    "@babel/node": "7.23.9",
     "@babel/plugin-proposal-class-properties": "7.18.6",
     "@babel/plugin-syntax-dynamic-import": "7.8.3",
     "@babel/polyfill": "^7.12.1",
-    "@babel/preset-env": "7.23.8",
-    "@babel/preset-typescript": "7.23.3",
+    "@babel/preset-env": "7.24.5",
+    "@babel/preset-typescript": "7.24.1",
     "@babel/register": "7.23.7",
-    "@babel/runtime": "7.23.8",
-    "@octokit/rest": "20.0.2",
+    "@babel/runtime": "7.24.5",
+    "@octokit/rest": "20.1.1",
     "@trivago/prettier-plugin-sort-imports": "4.3.0",
     "@types/async": "3.2.24",
     "@types/express": "4.17.21",
-    "@types/express-serve-static-core": "4.17.42",
+    "@types/express-serve-static-core": "4.19.0",
     "@types/http-errors": "2.0.4",
-    "@types/jest": "29.5.11",
-    "@types/lodash": "4.14.202",
-    "@types/mime": "3.0.4",
+    "@types/jest": "29.5.12",
+    "@types/lodash": "4.17.1",
+    "@types/mime": "3.0.0",
     "@types/minimatch": "5.1.2",
     "@types/node": "20.11.7",
     "@types/semver": "7.5.6",
@@ -109,13 +109,13 @@
     "lockfile-lint": "4.13.2",
     "mockdate": "3.0.5",
     "nock": "13.5.0",
-    "prettier": "3.2.4",
-    "rimraf": "5.0.5",
+    "prettier": "3.2.5",
+    "rimraf": "5.0.7",
     "selfsigned": "2.4.1",
     "standard-version": "9.5.0",
     "supertest": "6.3.4",
     "ts-node": "10.9.2",
-    "typescript": "5.3.3",
+    "typescript": "5.4.5",
     "verdaccio-auth-memory": "10.2.2",
     "verdaccio-memory": "10.3.2"
   },

src/index.ts

@@ -1,6 +1,3 @@
-export { parseConfigFile } from './lib/utils';
+export { ConfigBuilder, parseConfigFile, findConfigFile } from '@verdaccio/config';
 export { startVerdaccio as default, startVerdaccio } from './lib/bootstrap';
-// Similar structure as v6 but with different functions
-// this is a bridge for easy migration to v6
 export { runServer } from './lib/run-server';
-export { ConfigBuilder } from '@verdaccio/config';

src/lib/cli/commands/init.ts

@@ -1,12 +1,11 @@
 import { Command, Option } from 'clipanion';
 import path from 'path';
 
+import { findConfigFile, parseConfigFile } from '@verdaccio/config';
 import { warningUtils } from '@verdaccio/core';
 import { ConfigYaml } from '@verdaccio/types';
 
 import { listenDefaultCallback, startVerdaccio } from '../../bootstrap';
-import findConfigFile from '../../config-path';
-import { parseConfigFile } from '../../utils';
 
 require('pkginfo')(module);
 const pkgVersion = module.exports.version;

src/lib/config.ts

@@ -6,7 +6,7 @@ import { Config as ConfigCore } from '@verdaccio/config';
 class Config extends ConfigCore {
   public constructor(config: any) {
     config.configPath = config.self_path;
-    super(config, { forceEnhancedLegacySignature: false });
+    super(config, { forceMigrateToSecureLegacySignature: true });
   }
 }
 

src/lib/run-server.ts

@@ -6,13 +6,12 @@ import https from 'https';
 import _, { assign } from 'lodash';
 import path from 'path';
 
+import { findConfigFile, parseConfigFile } from '@verdaccio/config';
 import { Config, HttpsConfKeyCert, HttpsConfPfx } from '@verdaccio/types';
 
 import endPointAPI from '../api/index';
 import { getListListenAddresses } from './cli/utils';
-import findConfigFile from './config-path';
 import { API_ERROR } from './constants';
-import { parseConfigFile } from './utils';
 
 const debug = buildDebug('verdaccio');
 

src/lib/utils.ts

@@ -4,7 +4,6 @@ import semver from 'semver';
 import { URL } from 'url';
 import validator from 'validator';
 
-import { parseConfigFile } from '@verdaccio/config';
 // eslint-disable-next-line max-len
 import { errorUtils, validatioUtils } from '@verdaccio/core';
 import { StringValue } from '@verdaccio/types';
@@ -472,4 +471,4 @@ export function hasLogin(config: Config) {
   return _.isNil(config?.web?.login) || config?.web?.login === true;
 }
 
-export { buildTokenUtil as buildToken, parseConfigFile };
+export { buildTokenUtil as buildToken };

test/unit/modules/bootstrap/legacy.spec.ts

@@ -1,7 +1,8 @@
 import { join } from 'path';
 
+import { parseConfigFile } from '@verdaccio/config';
+
 import startVerdaccioDeault, { startVerdaccio } from '../../../../src';
-import { parseConfigFile } from '../../../../src/lib/utils';
 
 describe('bootstrap legacy', () => {
   describe('startVerdaccio', () => {