The token function cannot be used on CentOS systems

I use it on macOS and it works well, but when I run verdaccio on centos system, it doesn’t work, the error is as follows

[root@localhost verdaccio]# docker-compose -f verdaccio.yml logs -f
Attaching to verdaccio
verdaccio    |  warn --- config file  - /verdaccio/conf/config.yaml
verdaccio    |  warn --- ⚠️  experiments are enabled, we recommend do not use experiments in production, comment out this section to disable it
verdaccio    |  warn ---  - support for token is enabled
verdaccio    |  warn --- Verdaccio started
verdaccio    |  warn --- Plugin successfully loaded: verdaccio-htpasswd
verdaccio    |  warn --- Plugin successfully loaded: verdaccio-audit
verdaccio    |  warn --- http address - http://0.0.0.0:4873/ - verdaccio/4.4.1
verdaccio    |  http <-- 404, user: null(192.168.1.128), req: 'POST /-/v1/login', bytes: 37/150
verdaccio    |  http <-- 404, user: null(192.168.1.128), req: 'POST /-/v1/login', bytes: 37/150
verdaccio    |  http <-- 409, user: null(192.168.1.128), req: 'PUT /-/user/org.couchdb.user:admin', error: username is already registered
verdaccio    |  http <-- 409, user: null(192.168.1.128), req: 'PUT /-/user/org.couchdb.user:admin', error: username is already registered
verdaccio    |  http <-- 200, user: null(192.168.1.128), req: 'GET /-/user/org.couchdb.user:admin?write=true', bytes: 0/51
verdaccio    |  http <-- 200, user: null(192.168.1.128), req: 'GET /-/user/org.couchdb.user:admin?write=true', bytes: 0/51
verdaccio    | (node:7) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
verdaccio    |  http <-- 201, user: admin(192.168.1.128), req: 'PUT /-/user/org.couchdb.user:admin/-rev/undefined', bytes: 172/589
verdaccio    |  http <-- 201, user: admin(192.168.1.128), req: 'PUT /-/user/org.couchdb.user:admin/-rev/undefined', bytes: 172/589
verdaccio    | (node:7) UnhandledPromiseRejectionWarning: OpenError: IO error: /verdaccio/storage/data/.token-db/LOCK: No such file or directory
verdaccio    |     at /opt/verdaccio/node_modules/levelup/lib/levelup.js:96:23
verdaccio    |     at /opt/verdaccio/node_modules/abstract-leveldown/abstract-leveldown.js:30:14
verdaccio    |     at /opt/verdaccio/node_modules/deferred-leveldown/deferred-leveldown.js:20:21
verdaccio    |     at /opt/verdaccio/node_modules/encoding-down/node_modules/abstract-leveldown/abstract-leveldown.js:30:14
verdaccio    |     at /opt/verdaccio/node_modules/leveldown/node_modules/abstract-leveldown/abstract-leveldown.js:30:14
verdaccio    | (node:7) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
verdaccio    | (node:7) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

My current processing method is to give it root permissions in order to create a .token-db directory. This configuration makes it work, but it is not secure.The docker-compose.yml I use is as follows

version: '3'

services:
  verdaccio:
    image: verdaccio/verdaccio:token-feat
    hostname: verdaccio
    container_name: verdaccio
    user: root
    ports:
      - 4873:4873
    volumes:
      - ./storage:/verdaccio/storage
      - ./plugins:/verdaccio/plugins
      - ./conf:/verdaccio/conf
    restart: always

The configuration is as follows

#
# This is the config file used for the docker images.
# It allows all users to do anything, so don't use it on production systems.
#
# Do not configure host and port under `listen` in this file
# as it will be ignored when using docker.
# see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: /verdaccio/storage/data
# path to a directory with plugins to include
plugins: /verdaccio/plugins

web:
  # WebUI is enabled as default, if you want disable it, just uncomment this line
  #enable: false
  title: Verdaccio
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordercer ascendant (asc|desc)
  # sort_packages: asc

auth:
  htpasswd:
    file: /verdaccio/conf/htpasswd
    # Maximum amount of users allowed to register, defaults to "+infinity".
    # You can set this to -1 to disable registration.
    # max_users: 1000

security:
  api:
    jwt:
      sign:
        expiresIn: 60d
        notBefore: 1
  web:
    sign:
      expiresIn: 7d
      notBefore: 1

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npm.taobao.org/

packages:
  '@*/*':
    # scoped packages
    access: $authenticated
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $authenticated

    # allow all known users to publish/publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    unpublish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

middlewares:
  audit:
    enabled: true

# log settings
logs:
  - { type: stdout, format: pretty, level: http }
  #- {type: file, path: verdaccio.log, level: info}

experiments:
  token: true