Problems when trying to use npm audit with bucket storage #4522

Open
pedrow-coelho opened this issue Mar 1, 2024 · 1 comment

@pedrow-coelho

ENVIRONMENT

  • verdaccio version: 5.29.2
  • node version: 14.0.0
  • package manager: npm@7
  • os: linux
  • platform: npm

BUG
When trying to run npm audit or npm audit fix, it returns the following error:

npm http fetch POST 400 https://verdaccio.devops.seguros.vitta.com.br/-/npm/v1/security/audits/quick 617ms
npm verb audit error HttpErrorGeneral: 400 Bad Request - POST https://verdaccio.myhost.com.br.com.br/-/npm/v1/security/audits/quick
npm verb audit error   statusCode: 400,
npm verb audit error   code: 'E400',
npm verb audit error   method: 'POST',
npm verb audit error   uri: 'https://verdaccio.verdaccio.myhost.com.br.com.br/-/npm/v1/security/audits/quick',
npm verb audit error   body: <Buffer >,
npm verb audit error   pkgid: undefined
npm verb audit error }
npm sill audit error 
npm sill audit report null
npm WARN audit 400 Bad Request - POST https://verdaccio.myhost.com.br/-/npm/v1/security/audits/quick

I'm using an S3 bucket as storage and it just doesn't work with that. When I try to use the storage on my k8s volume, it works normally.

REPRODUCE

Upload verdaccio in a k8s environment, configure it with a google auth plugin, npm audit and s3 bucket, configure them and then authenticate and get a token.
Now go to your project, export the captured registry and token values and run npm install and then npm audit.

Expected behavior
Return the output of an npm audit.

Configuration file (cat ~/.config/verdaccio/config.yaml)

image:
  repository:
  tag: 1.1.0
  pullPolicy: Always

affinity:
{{- if .Values.affinity }}
{{ toYaml .Values.affinity | indent 4 }}
{{- end }}

ingress:
  enabled: true
  className: nginx
  paths:
    - /
  hosts:
    - {{ .Values.lbHostname }}

# Extra Environment Values - allows yaml definitions
extraEnvVars:
  - name: VERDACCIO_PORT
    value: "4873"

configMap: |
  max_body_size: 100mb
  storage: /verdaccio/storage/data
  plugins: /verdaccio/plugins

  web:
    title: Verdaccio

  auth:
    {{ if .Values.googleAuth.enabled -}}
    google-oauth-ui-2:
     client-id: {{ .Values.clientID }}
     client-secret: {{ .Values.clientSecret }}
     domain: {{ .Values.googleAuth.allowedDomain }}
    {{ end -}}

    htpasswd:
      # Do not change this path if secrets htpasswd is used.
      file: /verdaccio/storage/htpasswd
      # Maximum amount of users allowed to register, defaults to "+infinity".
      # You can set this to -1 to disable registration.
      max_users: -1
      algorithm: bcrypt
      # Rounds number for "bcrypt", will be ignored for other algorithms.
      rounds: 10

  security:
    api:
      legacy: false
      jwt:
        sign:
          expiresIn: 365d

    web:
      sign:
        expiresIn: 7d

  # a list of other known repositories we can talk to
  uplinks:
    npmjs:
      url: https://registry.npmjs.org/
      maxage: 60m
      agent_options:
        keepAlive: true
        maxSockets: 40
        maxFreeSockets: 10

  packages:
    "@*/*":
      access: '$authenticated'
      publish: '$authenticated'
      unpublish: '$authenticated'
      proxy: npmjs

    "**":
      access: '$authenticated'
      publish: '$authenticated'
      unpublish: '$authenticated'
      proxy: npmjs

  middlewares:
    audit:
      enabled: true

    {{ if .Values.googleAuth.enabled -}}
    google-oauth-ui-2:
      enabled: true
    {{ end -}}

  {{ if .Values.bucketS3.enabled -}}
  store:
    aws-s3-storage:
      bucket: {{ .Values.bucketS3.name }}
      region: {{ .Values.bucketS3.region }}
      accessKeyId: {{ .Values.bucketS3.accessKeyId }}
      secretAccessKey: {{ .Values.bucketS3.secretAccessKey }}
  {{ end -}}
@mbtools
Collaborator

mbtools commented Apr 29, 2024

Set the log level to debug. Then you can see in the log how the audit request is forwarded to registry.npmjs.com and what kind of error is returned to verdaccio.
