diff --git a/.secrets-baseline b/.secrets-baseline
index 179200f89..669212610 100644
--- a/.secrets-baseline
+++ b/.secrets-baseline
@@ -3,7 +3,7 @@
     "files": null,
     "lines": null
   },
-  "generated_at": "2020-07-16T19:13:08Z",
+  "generated_at": "2020-10-08T19:53:38Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -303,13 +303,13 @@
       {
         "hashed_secret": "97752a468368b0d6b192140d6a140c38fd0cbd8b",
         "is_verified": false,
-        "line_number": 305,
+        "line_number": 320,
         "type": "Secret Keyword"
       },
       {
         "hashed_secret": "364bdf2ed77a8544d3b711a03b69eeadcc63c9d7",
         "is_verified": false,
-        "line_number": 829,
+        "line_number": 997,
         "type": "Secret Keyword"
       }
     ],
diff --git a/src/api/middleware.ts b/src/api/middleware.ts
index 4ebcb6b98..69d21dfdc 100644
--- a/src/api/middleware.ts
+++ b/src/api/middleware.ts
@@ -272,7 +272,7 @@ export function errorReportingMiddleware(req: $RequestExtend, res: $ResponseExte
     res.report_error ||
     function(err: VerdaccioError): void {
       if (err.status && err.status >= HTTP_STATUS.BAD_REQUEST && err.status < 600) {
-        if (_.isNil(res.headersSent) === false) {
+        if (!res.headersSent) {
           res.status(err.status);
           next({ error: err.message || API_ERROR.UNKNOWN_ERROR });
         }
diff --git a/test/unit/modules/api/api.spec.ts b/test/unit/modules/api/api.spec.ts
index 78a0db270..1304b85e7 100644
--- a/test/unit/modules/api/api.spec.ts
+++ b/test/unit/modules/api/api.spec.ts
@@ -2,6 +2,8 @@ import request from 'supertest';
 import _ from 'lodash';
 import path from 'path';
 import rimraf from 'rimraf';
+import nock from 'nock';
+import { Readable } from 'stream';
 
 import configDefault from '../../partials/config';
 import publishMetadata from '../../partials/publish-api';
@@ -32,6 +34,12 @@ import {
   generateVersion,
 } from '../../__helper/utils';
 
+const sleep = (delay) => {  
+  return new Promise(resolve => {  
+    setTimeout(resolve, delay)  
+  });  
+}
+
 require('../../../../src/lib/logger').setup([
   { type: 'stdout', format: 'pretty', level: 'warn' }
 ]);
@@ -51,11 +59,11 @@ const putVersion = (app, name, publishMetadata) => {
 
 describe('endpoint unit test', () => {
   let app;
+  const mockServerPort = 55549;
   let mockRegistry;
 
   beforeAll(function(done) {
-    const store = path.join(__dirname, '../../partials/store/test-storage-api-spec');
-    const mockServerPort = 55549;
+    const store = path.join(__dirname, '../../partials/store/test-storage-api-spec');    
     rimraf(store, async () => {
       const configForTest = configDefault({
         auth: {
@@ -74,6 +82,12 @@ describe('endpoint unit test', () => {
         uplinks: {
           npmjs: {
             url: `http://${DOMAIN_SERVERS}:${mockServerPort}`
+          },
+          socketTimeout: {
+            url: `http://some.registry.timeout.com`,
+            max_fails: 2,
+            timeout: '1s',
+            fail_timeout: '1s'
           }
         },
         logs: [
@@ -92,6 +106,10 @@ describe('endpoint unit test', () => {
     done();
   });
 
+  afterEach(() => {
+    nock.cleanAll();
+  })
+
   describe('Registry API Endpoints', () => {
 
     describe('should test ping api', () => {
@@ -355,6 +373,39 @@ describe('endpoint unit test', () => {
           });
       });
 
+      test('should fails with socket time out fetch tarball timeout package from remote uplink', async () => {
+        const timeOutPkg = generatePackageMetadata('timeout', '1.5.1');
+        const responseText = 'fooooooooooooooooo';
+        const readable = Readable.from([responseText]);
+        timeOutPkg.versions['1.5.1'].dist.tarball = 'http://some.registry.timeout.com/timeout/-/timeout-1.5.1.tgz';
+        nock('http://some.registry.timeout.com')
+          .get('/timeout')
+          .reply(200, timeOutPkg);
+        nock('http://some.registry.timeout.com')
+          .get('/timeout/-/timeout-1.5.1.tgz')
+          .twice()
+          .socketDelay(50000)
+        .reply(200);
+        nock('http://some.registry.timeout.com')
+        .get('/timeout/-/timeout-1.5.1.tgz')
+        .reply(200, () => readable);        
+        const agent = request.agent(app);
+        await agent
+          .get('/timeout/-/timeout-1.5.1.tgz')
+          .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.OCTET_STREAM)
+          .expect(HTTP_STATUS.INTERNAL_ERROR);
+        await agent
+          .get('/timeout/-/timeout-1.5.1.tgz')
+          .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.OCTET_STREAM)
+          .expect(HTTP_STATUS.INTERNAL_ERROR);
+        await sleep(2000);  
+        // await agent      
+        await agent
+          .get('/timeout/-/timeout-1.5.1.tgz')
+          .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.OCTET_STREAM)
+          .expect(HTTP_STATUS.OK);           
+      }, 10000);
+
       test('should fetch jquery specific version package from remote uplink', (done) => {
 
         request(app)
diff --git a/test/unit/partials/config/yaml/api.spec.yaml b/test/unit/partials/config/yaml/api.spec.yaml
index 432e38e55..1a3d48a5e 100644
--- a/test/unit/partials/config/yaml/api.spec.yaml
+++ b/test/unit/partials/config/yaml/api.spec.yaml
@@ -27,6 +27,10 @@ packages:
     access: $all
     publish: $all
     proxy: npmjs
+  'timeout':
+    access: $all
+    publish: $all
+    proxy: socketTimeout
   '@scope/*':
     access: test
     publish: dsadsa