From 0fd7ca52fa0e2931a5b207eadf4dca38d2b92035 Mon Sep 17 00:00:00 2001 From: npm CLI robot Date: Sat, 8 Jul 2023 12:19:46 -0700 Subject: [PATCH] deps: upgrade npm to 9.8.0 PR-URL: https://github.com/nodejs/node/pull/48665 Reviewed-By: Luke Karrys Reviewed-By: Luigi Pinca Reviewed-By: Mohammed Keyvanzadeh --- deps/npm/bin/npm | 27 +- deps/npm/bin/npm.ps1 | 35 +++ deps/npm/bin/npx | 27 +- deps/npm/bin/npx.ps1 | 35 +++ deps/npm/docs/content/commands/npm-ls.md | 2 +- deps/npm/docs/content/commands/npm-pkg.md | 8 + deps/npm/docs/content/commands/npm.md | 2 +- deps/npm/docs/output/commands/npm-ls.html | 2 +- deps/npm/docs/output/commands/npm-pkg.html | 8 + deps/npm/docs/output/commands/npm.html | 2 +- deps/npm/lib/commands/pkg.js | 8 + deps/npm/man/man1/npm-access.1 | 2 +- deps/npm/man/man1/npm-adduser.1 | 2 +- deps/npm/man/man1/npm-audit.1 | 2 +- deps/npm/man/man1/npm-bugs.1 | 2 +- deps/npm/man/man1/npm-cache.1 | 2 +- deps/npm/man/man1/npm-ci.1 | 2 +- deps/npm/man/man1/npm-completion.1 | 2 +- deps/npm/man/man1/npm-config.1 | 2 +- deps/npm/man/man1/npm-dedupe.1 | 2 +- deps/npm/man/man1/npm-deprecate.1 | 2 +- deps/npm/man/man1/npm-diff.1 | 2 +- deps/npm/man/man1/npm-dist-tag.1 | 2 +- deps/npm/man/man1/npm-docs.1 | 2 +- deps/npm/man/man1/npm-doctor.1 | 2 +- deps/npm/man/man1/npm-edit.1 | 2 +- deps/npm/man/man1/npm-exec.1 | 2 +- deps/npm/man/man1/npm-explain.1 | 2 +- deps/npm/man/man1/npm-explore.1 | 2 +- deps/npm/man/man1/npm-find-dupes.1 | 2 +- deps/npm/man/man1/npm-fund.1 | 2 +- deps/npm/man/man1/npm-help-search.1 | 2 +- deps/npm/man/man1/npm-help.1 | 2 +- deps/npm/man/man1/npm-hook.1 | 2 +- deps/npm/man/man1/npm-init.1 | 2 +- deps/npm/man/man1/npm-install-ci-test.1 | 2 +- deps/npm/man/man1/npm-install-test.1 | 2 +- deps/npm/man/man1/npm-install.1 | 2 +- deps/npm/man/man1/npm-link.1 | 2 +- deps/npm/man/man1/npm-login.1 | 2 +- deps/npm/man/man1/npm-logout.1 | 2 +- deps/npm/man/man1/npm-ls.1 | 4 +- deps/npm/man/man1/npm-org.1 | 2 +- deps/npm/man/man1/npm-outdated.1 | 2 +- deps/npm/man/man1/npm-owner.1 | 2 +- deps/npm/man/man1/npm-pack.1 | 2 +- deps/npm/man/man1/npm-ping.1 | 2 +- deps/npm/man/man1/npm-pkg.1 | 7 +- deps/npm/man/man1/npm-prefix.1 | 2 +- deps/npm/man/man1/npm-profile.1 | 2 +- deps/npm/man/man1/npm-prune.1 | 2 +- deps/npm/man/man1/npm-publish.1 | 2 +- deps/npm/man/man1/npm-query.1 | 2 +- deps/npm/man/man1/npm-rebuild.1 | 2 +- deps/npm/man/man1/npm-repo.1 | 2 +- deps/npm/man/man1/npm-restart.1 | 2 +- deps/npm/man/man1/npm-root.1 | 2 +- deps/npm/man/man1/npm-run-script.1 | 2 +- deps/npm/man/man1/npm-search.1 | 2 +- deps/npm/man/man1/npm-shrinkwrap.1 | 2 +- deps/npm/man/man1/npm-star.1 | 2 +- deps/npm/man/man1/npm-stars.1 | 2 +- deps/npm/man/man1/npm-start.1 | 2 +- deps/npm/man/man1/npm-stop.1 | 2 +- deps/npm/man/man1/npm-team.1 | 2 +- deps/npm/man/man1/npm-test.1 | 2 +- deps/npm/man/man1/npm-token.1 | 2 +- deps/npm/man/man1/npm-uninstall.1 | 2 +- deps/npm/man/man1/npm-unpublish.1 | 2 +- deps/npm/man/man1/npm-unstar.1 | 2 +- deps/npm/man/man1/npm-update.1 | 2 +- deps/npm/man/man1/npm-version.1 | 2 +- deps/npm/man/man1/npm-view.1 | 2 +- deps/npm/man/man1/npm-whoami.1 | 2 +- deps/npm/man/man1/npm.1 | 4 +- deps/npm/man/man1/npx.1 | 2 +- deps/npm/man/man5/folders.5 | 2 +- deps/npm/man/man5/install.5 | 2 +- deps/npm/man/man5/npm-global.5 | 2 +- deps/npm/man/man5/npm-json.5 | 2 +- deps/npm/man/man5/npm-shrinkwrap-json.5 | 2 +- deps/npm/man/man5/npmrc.5 | 2 +- deps/npm/man/man5/package-json.5 | 2 +- deps/npm/man/man5/package-lock-json.5 | 2 +- deps/npm/man/man7/config.7 | 2 +- deps/npm/man/man7/dependency-selectors.7 | 2 +- deps/npm/man/man7/developers.7 | 2 +- deps/npm/man/man7/logging.7 | 2 +- deps/npm/man/man7/orgs.7 | 2 +- deps/npm/man/man7/package-spec.7 | 2 +- deps/npm/man/man7/registry.7 | 2 +- deps/npm/man/man7/removal.7 | 2 +- deps/npm/man/man7/scope.7 | 2 +- deps/npm/man/man7/scripts.7 | 2 +- deps/npm/man/man7/workspaces.7 | 2 +- .../@npmcli/arborist/lib/arborist/reify.js | 3 +- .../@npmcli/arborist/package.json | 4 +- .../@npmcli/package-json/lib/index.js | 172 ++++++---- .../@npmcli/package-json/lib/normalize.js | 88 +++++- .../@npmcli/package-json/package.json | 2 +- .../node_modules/@sigstore/tuf/package.json | 12 +- deps/npm/node_modules/libnpmdiff/package.json | 4 +- deps/npm/node_modules/libnpmexec/package.json | 4 +- deps/npm/node_modules/libnpmfund/package.json | 4 +- deps/npm/node_modules/libnpmpack/package.json | 4 +- .../libnpmpublish/lib/provenance.js | 82 +++-- .../node_modules/libnpmpublish/package.json | 2 +- .../node_modules/sigstore/dist/config.d.ts | 3 + .../sigstore/dist/external/rekor.d.ts | 4 +- .../sigstore/dist/merkle/digest.d.ts | 8 - .../sigstore/dist/merkle/digest.js | 48 --- .../sigstore/dist/merkle/index.d.ts | 2 - .../sigstore/dist/merkle/index.js | 22 -- .../sigstore/dist/merkle/verify.d.ts | 3 - .../sigstore/dist/merkle/verify.js | 78 ----- .../sigstore/dist/sigstore-utils.js | 2 +- .../node_modules/sigstore/dist/sigstore.d.ts | 4 + .../node_modules/sigstore/dist/sigstore.js | 24 +- .../sigstore/dist/tlog/verify/index.d.ts | 2 +- .../sigstore/dist/tlog/verify/index.js | 10 +- .../sigstore/dist/tlog/verify/merkle.d.ts | 2 + .../sigstore/dist/tlog/verify/merkle.js | 109 +++++++ .../sigstore/dist/types/sigstore/index.d.ts | 27 +- .../sigstore/dist/types/sigstore/index.js | 67 ++-- .../dist/types/sigstore/serialized.d.ts | 11 +- .../dist/types/sigstore/validate.d.ts | 2 +- .../sigstore/dist/types/sigstore/validate.js | 15 + .../node_modules/sigstore/dist/verify.d.ts | 2 +- deps/npm/node_modules/sigstore/package.json | 17 +- .../store/public-good-instance-root.json | 1 - deps/npm/package.json | 18 +- .../tap-snapshots/test/lib/docs.js.test.cjs | 2 + deps/npm/test/bin/windows-shims.js | 294 ++++++++++++------ deps/npm/test/lib/commands/pkg.js | 18 ++ deps/npm/test/lib/commands/publish.js | 2 +- 135 files changed, 941 insertions(+), 570 deletions(-) create mode 100644 deps/npm/bin/npm.ps1 create mode 100644 deps/npm/bin/npx.ps1 delete mode 100644 deps/npm/node_modules/sigstore/dist/merkle/digest.d.ts delete mode 100644 deps/npm/node_modules/sigstore/dist/merkle/digest.js delete mode 100644 deps/npm/node_modules/sigstore/dist/merkle/index.d.ts delete mode 100644 deps/npm/node_modules/sigstore/dist/merkle/index.js delete mode 100644 deps/npm/node_modules/sigstore/dist/merkle/verify.d.ts delete mode 100644 deps/npm/node_modules/sigstore/dist/merkle/verify.js create mode 100644 deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.d.ts create mode 100644 deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.js delete mode 100644 deps/npm/node_modules/sigstore/store/public-good-instance-root.json diff --git a/deps/npm/bin/npm b/deps/npm/bin/npm index a08b4d113c444a..7f210b936e1fad 100755 --- a/deps/npm/bin/npm +++ b/deps/npm/bin/npm @@ -11,6 +11,16 @@ case `uname` in *CYGWIN*) basedir=`cygpath -w "$basedir"`;; esac +if [ `uname` = 'Linux' ] && type wslpath &>/dev/null ; then + IS_WSL="true" +fi + +function no_node_dir { + # if this didn't work, then everything else below will fail + echo "Could not determine Node.js install directory" >&2 + exit 1 +} + NODE_EXE="$basedir/node.exe" if ! [ -x "$NODE_EXE" ]; then NODE_EXE="$basedir/node" @@ -21,13 +31,20 @@ fi # this path is passed to node.exe, so it needs to match whatever # kind of paths Node.js thinks it's using, typically win32 paths. -CLI_BASEDIR="$("$NODE_EXE" -p 'require("path").dirname(process.execPath)')" +CLI_BASEDIR="$("$NODE_EXE" -p 'require("path").dirname(process.execPath)' 2> /dev/null)" +if [ $? -ne 0 ]; then + # this fails under WSL 1 so add an additional message. we also suppress stderr above + # because the actual error raised is not helpful. in WSL 1 node.exe cannot handle + # output redirection properly. See https://github.com/microsoft/WSL/issues/2370 + if [ "$IS_WSL" == "true" ]; then + echo "WSL 1 is not supported. Please upgrade to WSL 2 or above." >&2 + fi + no_node_dir +fi NPM_CLI_JS="$CLI_BASEDIR/node_modules/npm/bin/npm-cli.js" NPM_PREFIX=`"$NODE_EXE" "$NPM_CLI_JS" prefix -g` if [ $? -ne 0 ]; then - # if this didn't work, then everything else below will fail - echo "Could not determine Node.js install directory" >&2 - exit 1 + no_node_dir fi NPM_PREFIX_NPM_CLI_JS="$NPM_PREFIX/node_modules/npm/bin/npm-cli.js" @@ -37,7 +54,7 @@ NPM_WSL_PATH="/.." # WSL can run Windows binaries, so we have to give it the win32 path # however, WSL bash tests against posix paths, so we need to construct that # to know if npm is installed globally. -if [ `uname` = 'Linux' ] && type wslpath &>/dev/null ; then +if [ "$IS_WSL" == "true" ]; then NPM_WSL_PATH=`wslpath "$NPM_PREFIX_NPM_CLI_JS"` fi if [ -f "$NPM_PREFIX_NPM_CLI_JS" ] || [ -f "$NPM_WSL_PATH" ]; then diff --git a/deps/npm/bin/npm.ps1 b/deps/npm/bin/npm.ps1 new file mode 100644 index 00000000000000..f2f236adc23db2 --- /dev/null +++ b/deps/npm/bin/npm.ps1 @@ -0,0 +1,35 @@ +#!/usr/bin/env pwsh +$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent + +$exe="" +if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) { + # Fix case when both the Windows and Linux builds of Node + # are installed in the same directory + $exe=".exe" +} +$ret=0 + +$nodeexe = "node$exe" +$nodebin = $(Get-Command $nodeexe -ErrorAction SilentlyContinue -ErrorVariable F).Source +if ($nodebin -eq $null) { + Write-Host "$nodeexe not found." + exit 1 +} +$nodedir = $(New-Object -ComObject Scripting.FileSystemObject).GetFile("$nodebin").ParentFolder.Path + +$npmclijs="$nodedir/node_modules/npm/bin/npm-cli.js" +$npmprefix=(& $nodeexe $npmclijs prefix -g) +if ($LASTEXITCODE -ne 0) { + Write-Host "Could not determine Node.js install directory" + exit 1 +} +$npmprefixclijs="$npmprefix/node_modules/npm/bin/npm-cli.js" + +# Support pipeline input +if ($MyInvocation.ExpectingInput) { + $input | & $nodeexe $npmprefixclijs $args +} else { + & $nodeexe $npmprefixclijs $args +} +$ret=$LASTEXITCODE +exit $ret diff --git a/deps/npm/bin/npx b/deps/npm/bin/npx index c51ad45cb68aea..719ff8ecdc19b9 100755 --- a/deps/npm/bin/npx +++ b/deps/npm/bin/npx @@ -11,6 +11,16 @@ case `uname` in *CYGWIN*) basedir=`cygpath -w "$basedir"`;; esac +if [ `uname` = 'Linux' ] && type wslpath &>/dev/null ; then + IS_WSL="true" +fi + +function no_node_dir { + # if this didn't work, then everything else below will fail + echo "Could not determine Node.js install directory" >&2 + exit 1 +} + NODE_EXE="$basedir/node.exe" if ! [ -x "$NODE_EXE" ]; then NODE_EXE="$basedir/node" @@ -21,14 +31,21 @@ fi # this path is passed to node.exe, so it needs to match whatever # kind of paths Node.js thinks it's using, typically win32 paths. -CLI_BASEDIR="$("$NODE_EXE" -p 'require("path").dirname(process.execPath)')" +CLI_BASEDIR="$("$NODE_EXE" -p 'require("path").dirname(process.execPath)' 2> /dev/null)" +if [ $? -ne 0 ]; then + # this fails under WSL 1 so add an additional message. we also suppress stderr above + # because the actual error raised is not helpful. in WSL 1 node.exe cannot handle + # output redirection properly. See https://github.com/microsoft/WSL/issues/2370 + if [ "$IS_WSL" == "true" ]; then + echo "WSL 1 is not supported. Please upgrade to WSL 2 or above." >&2 + fi + no_node_dir +fi NPM_CLI_JS="$CLI_BASEDIR/node_modules/npm/bin/npm-cli.js" NPX_CLI_JS="$CLI_BASEDIR/node_modules/npm/bin/npx-cli.js" NPM_PREFIX=`"$NODE_EXE" "$NPM_CLI_JS" prefix -g` if [ $? -ne 0 ]; then - # if this didn't work, then everything else below will fail - echo "Could not determine Node.js install directory" >&2 - exit 1 + no_node_dir fi NPM_PREFIX_NPX_CLI_JS="$NPM_PREFIX/node_modules/npm/bin/npx-cli.js" @@ -38,7 +55,7 @@ NPX_WSL_PATH="/.." # WSL can run Windows binaries, so we have to give it the win32 path # however, WSL bash tests against posix paths, so we need to construct that # to know if npm is installed globally. -if [ `uname` = 'Linux' ] && type wslpath &>/dev/null ; then +if [ "$IS_WSL" == "true" ]; then NPX_WSL_PATH=`wslpath "$NPM_PREFIX_NPX_CLI_JS"` fi if [ -f "$NPM_PREFIX_NPX_CLI_JS" ] || [ -f "$NPX_WSL_PATH" ]; then diff --git a/deps/npm/bin/npx.ps1 b/deps/npm/bin/npx.ps1 new file mode 100644 index 00000000000000..437e2a7b74c3af --- /dev/null +++ b/deps/npm/bin/npx.ps1 @@ -0,0 +1,35 @@ +#!/usr/bin/env pwsh +$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent + +$exe="" +if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) { + # Fix case when both the Windows and Linux builds of Node + # are installed in the same directory + $exe=".exe" +} +$ret=0 + +$nodeexe = "node$exe" +$nodebin = $(Get-Command $nodeexe -ErrorAction SilentlyContinue -ErrorVariable F).Source +if ($nodebin -eq $null) { + Write-Host "$nodeexe not found." + exit 1 +} +$nodedir = $(New-Object -ComObject Scripting.FileSystemObject).GetFile("$nodebin").ParentFolder.Path + +$npmclijs="$nodedir/node_modules/npm/bin/npm-cli.js" +$npmprefix=(& $nodeexe $npmclijs prefix -g) +if ($LASTEXITCODE -ne 0) { + Write-Host "Could not determine Node.js install directory" + exit 1 +} +$npmprefixclijs="$npmprefix/node_modules/npm/bin/npx-cli.js" + +# Support pipeline input +if ($MyInvocation.ExpectingInput) { + $input | & $nodeexe $npmprefixclijs $args +} else { + & $nodeexe $npmprefixclijs $args +} +$ret=$LASTEXITCODE +exit $ret diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md index 274c45361042d3..9f9e07445353f7 100644 --- a/deps/npm/docs/content/commands/npm-ls.md +++ b/deps/npm/docs/content/commands/npm-ls.md @@ -27,7 +27,7 @@ packages will *also* show the paths to the specified packages. For example, running `npm ls promzard` in npm's source tree will show: ```bash -npm@9.7.2 /path/to/npm +npm@9.8.0 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 ``` diff --git a/deps/npm/docs/content/commands/npm-pkg.md b/deps/npm/docs/content/commands/npm-pkg.md index 1df2a8d1ddb898..79f2e9647eecd2 100644 --- a/deps/npm/docs/content/commands/npm-pkg.md +++ b/deps/npm/docs/content/commands/npm-pkg.md @@ -12,6 +12,7 @@ npm pkg get [ [ ...]] npm pkg delete [ ...] npm pkg set [[].= ...] npm pkg set [[].= ...] +npm pkg fix ``` ### Description @@ -141,6 +142,13 @@ Returned values are always in **json** format. npm pkg delete scripts.build ``` +* `npm pkg fix` + + Auto corrects common errors in your `package.json`. npm already + does this during `publish`, which leads to subtle (mostly harmless) + differences between the contents of your `package.json` file and the + manifest that npm uses during installation. + ### Workspaces support You can set/get/delete items across your configured workspaces by using the diff --git a/deps/npm/docs/content/commands/npm.md b/deps/npm/docs/content/commands/npm.md index eafb7474e439b2..bf73b4670cf418 100644 --- a/deps/npm/docs/content/commands/npm.md +++ b/deps/npm/docs/content/commands/npm.md @@ -14,7 +14,7 @@ Note: This command is unaware of workspaces. ### Version -9.7.2 +9.8.0 ### Description diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 2ab7bf6aa3f6ad..85cc2d7a9a64cb 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -160,7 +160,7 @@

Description

the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

-
npm@9.7.2 /path/to/npm
+
npm@9.8.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 
diff --git a/deps/npm/docs/output/commands/npm-pkg.html b/deps/npm/docs/output/commands/npm-pkg.html index 210547252e7677..0a0b84107b7587 100644 --- a/deps/npm/docs/output/commands/npm-pkg.html +++ b/deps/npm/docs/output/commands/npm-pkg.html @@ -151,6 +151,7 @@

Table of contents

npm pkg delete <key> [<key> ...] npm pkg set [<array>[<index>].<key>=<value> ...] npm pkg set [<array>[].<key>=<value> ...] +npm pkg fix

Description

A command that automates the management of package.json files. @@ -236,6 +237,13 @@

Description

npm pkg delete scripts.build
 
+
  • +

    npm pkg fix

    +

    Auto corrects common errors in your package.json. npm already +does this during publish, which leads to subtle (mostly harmless) +differences between the contents of your package.json file and the +manifest that npm uses during installation.

    +
  • Workspaces support

    You can set/get/delete items across your configured workspaces by using the diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html index 15c22b36a3026e..5e34bb2bffaad4 100644 --- a/deps/npm/docs/output/commands/npm.html +++ b/deps/npm/docs/output/commands/npm.html @@ -150,7 +150,7 @@

    Table of contents

    Note: This command is unaware of workspaces.

    Version

    -

    9.7.2

    +

    9.8.0

    Description

    npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency diff --git a/deps/npm/lib/commands/pkg.js b/deps/npm/lib/commands/pkg.js index 5cdcd207887c9e..29bd4e89cc3c17 100644 --- a/deps/npm/lib/commands/pkg.js +++ b/deps/npm/lib/commands/pkg.js @@ -11,6 +11,7 @@ class Pkg extends BaseCommand { 'delete [ ...]', 'set [[].= ...]', 'set [[].= ...]', + 'fix', ] static params = [ @@ -45,6 +46,8 @@ class Pkg extends BaseCommand { return this.set(_args) case 'delete': return this.delete(_args) + case 'fix': + return this.fix(_args) default: throw this.usageError() } @@ -136,6 +139,11 @@ class Pkg extends BaseCommand { pkgJson.update(q.toJSON()) await pkgJson.save() } + + async fix () { + const pkgJson = await PackageJson.fix(this.prefix) + await pkgJson.save() + } } module.exports = Pkg diff --git a/deps/npm/man/man1/npm-access.1 b/deps/npm/man/man1/npm-access.1 index 96534a0850595a..b6266e1c49ba22 100644 --- a/deps/npm/man/man1/npm-access.1 +++ b/deps/npm/man/man1/npm-access.1 @@ -1,4 +1,4 @@ -.TH "NPM-ACCESS" "1" "June 2023" "" "" +.TH "NPM-ACCESS" "1" "July 2023" "" "" .SH "NAME" \fBnpm-access\fR - Set access level on published packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-adduser.1 b/deps/npm/man/man1/npm-adduser.1 index 3a018dbdb9bc15..c38b6251f94abe 100644 --- a/deps/npm/man/man1/npm-adduser.1 +++ b/deps/npm/man/man1/npm-adduser.1 @@ -1,4 +1,4 @@ -.TH "NPM-ADDUSER" "1" "June 2023" "" "" +.TH "NPM-ADDUSER" "1" "July 2023" "" "" .SH "NAME" \fBnpm-adduser\fR - Add a registry user account .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-audit.1 b/deps/npm/man/man1/npm-audit.1 index da9a483715f697..35fb73e57860c5 100644 --- a/deps/npm/man/man1/npm-audit.1 +++ b/deps/npm/man/man1/npm-audit.1 @@ -1,4 +1,4 @@ -.TH "NPM-AUDIT" "1" "June 2023" "" "" +.TH "NPM-AUDIT" "1" "July 2023" "" "" .SH "NAME" \fBnpm-audit\fR - Run a security audit .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-bugs.1 b/deps/npm/man/man1/npm-bugs.1 index a5ddd4e79cf712..8fac5248b8a812 100644 --- a/deps/npm/man/man1/npm-bugs.1 +++ b/deps/npm/man/man1/npm-bugs.1 @@ -1,4 +1,4 @@ -.TH "NPM-BUGS" "1" "June 2023" "" "" +.TH "NPM-BUGS" "1" "July 2023" "" "" .SH "NAME" \fBnpm-bugs\fR - Report bugs for a package in a web browser .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-cache.1 b/deps/npm/man/man1/npm-cache.1 index 5669388f55387d..f16723a031d50b 100644 --- a/deps/npm/man/man1/npm-cache.1 +++ b/deps/npm/man/man1/npm-cache.1 @@ -1,4 +1,4 @@ -.TH "NPM-CACHE" "1" "June 2023" "" "" +.TH "NPM-CACHE" "1" "July 2023" "" "" .SH "NAME" \fBnpm-cache\fR - Manipulates packages cache .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-ci.1 b/deps/npm/man/man1/npm-ci.1 index 05e435ec7b9fcf..a8c641634a7a76 100644 --- a/deps/npm/man/man1/npm-ci.1 +++ b/deps/npm/man/man1/npm-ci.1 @@ -1,4 +1,4 @@ -.TH "NPM-CI" "1" "June 2023" "" "" +.TH "NPM-CI" "1" "July 2023" "" "" .SH "NAME" \fBnpm-ci\fR - Clean install a project .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-completion.1 b/deps/npm/man/man1/npm-completion.1 index d72df722ccd343..fbf5a68626d391 100644 --- a/deps/npm/man/man1/npm-completion.1 +++ b/deps/npm/man/man1/npm-completion.1 @@ -1,4 +1,4 @@ -.TH "NPM-COMPLETION" "1" "June 2023" "" "" +.TH "NPM-COMPLETION" "1" "July 2023" "" "" .SH "NAME" \fBnpm-completion\fR - Tab Completion for npm .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-config.1 b/deps/npm/man/man1/npm-config.1 index 4b19fa0e473575..77fd28de8f05f9 100644 --- a/deps/npm/man/man1/npm-config.1 +++ b/deps/npm/man/man1/npm-config.1 @@ -1,4 +1,4 @@ -.TH "NPM-CONFIG" "1" "June 2023" "" "" +.TH "NPM-CONFIG" "1" "July 2023" "" "" .SH "NAME" \fBnpm-config\fR - Manage the npm configuration files .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-dedupe.1 b/deps/npm/man/man1/npm-dedupe.1 index 56e57db5eb54d0..bb97e329c50bce 100644 --- a/deps/npm/man/man1/npm-dedupe.1 +++ b/deps/npm/man/man1/npm-dedupe.1 @@ -1,4 +1,4 @@ -.TH "NPM-DEDUPE" "1" "June 2023" "" "" +.TH "NPM-DEDUPE" "1" "July 2023" "" "" .SH "NAME" \fBnpm-dedupe\fR - Reduce duplication in the package tree .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-deprecate.1 b/deps/npm/man/man1/npm-deprecate.1 index 1458a880fca9d2..36b97e30f0aa02 100644 --- a/deps/npm/man/man1/npm-deprecate.1 +++ b/deps/npm/man/man1/npm-deprecate.1 @@ -1,4 +1,4 @@ -.TH "NPM-DEPRECATE" "1" "June 2023" "" "" +.TH "NPM-DEPRECATE" "1" "July 2023" "" "" .SH "NAME" \fBnpm-deprecate\fR - Deprecate a version of a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-diff.1 b/deps/npm/man/man1/npm-diff.1 index 44df189c3910b9..99bbc2fe01d0ca 100644 --- a/deps/npm/man/man1/npm-diff.1 +++ b/deps/npm/man/man1/npm-diff.1 @@ -1,4 +1,4 @@ -.TH "NPM-DIFF" "1" "June 2023" "" "" +.TH "NPM-DIFF" "1" "July 2023" "" "" .SH "NAME" \fBnpm-diff\fR - The registry diff command .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-dist-tag.1 b/deps/npm/man/man1/npm-dist-tag.1 index 11e501009fb13b..16ebcdbf0311d3 100644 --- a/deps/npm/man/man1/npm-dist-tag.1 +++ b/deps/npm/man/man1/npm-dist-tag.1 @@ -1,4 +1,4 @@ -.TH "NPM-DIST-TAG" "1" "June 2023" "" "" +.TH "NPM-DIST-TAG" "1" "July 2023" "" "" .SH "NAME" \fBnpm-dist-tag\fR - Modify package distribution tags .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-docs.1 b/deps/npm/man/man1/npm-docs.1 index dd701e97099786..779b89157c4e81 100644 --- a/deps/npm/man/man1/npm-docs.1 +++ b/deps/npm/man/man1/npm-docs.1 @@ -1,4 +1,4 @@ -.TH "NPM-DOCS" "1" "June 2023" "" "" +.TH "NPM-DOCS" "1" "July 2023" "" "" .SH "NAME" \fBnpm-docs\fR - Open documentation for a package in a web browser .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-doctor.1 b/deps/npm/man/man1/npm-doctor.1 index b1d36f31034abb..a1eef652698146 100644 --- a/deps/npm/man/man1/npm-doctor.1 +++ b/deps/npm/man/man1/npm-doctor.1 @@ -1,4 +1,4 @@ -.TH "NPM-DOCTOR" "1" "June 2023" "" "" +.TH "NPM-DOCTOR" "1" "July 2023" "" "" .SH "NAME" \fBnpm-doctor\fR - Check your npm environment .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-edit.1 b/deps/npm/man/man1/npm-edit.1 index 140946f3a1d30c..ee7b76bd9d7dec 100644 --- a/deps/npm/man/man1/npm-edit.1 +++ b/deps/npm/man/man1/npm-edit.1 @@ -1,4 +1,4 @@ -.TH "NPM-EDIT" "1" "June 2023" "" "" +.TH "NPM-EDIT" "1" "July 2023" "" "" .SH "NAME" \fBnpm-edit\fR - Edit an installed package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-exec.1 b/deps/npm/man/man1/npm-exec.1 index d6efae12633f32..9e6af781c52267 100644 --- a/deps/npm/man/man1/npm-exec.1 +++ b/deps/npm/man/man1/npm-exec.1 @@ -1,4 +1,4 @@ -.TH "NPM-EXEC" "1" "June 2023" "" "" +.TH "NPM-EXEC" "1" "July 2023" "" "" .SH "NAME" \fBnpm-exec\fR - Run a command from a local or remote npm package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-explain.1 b/deps/npm/man/man1/npm-explain.1 index 1a32c14c1d3d71..9985e3cb482836 100644 --- a/deps/npm/man/man1/npm-explain.1 +++ b/deps/npm/man/man1/npm-explain.1 @@ -1,4 +1,4 @@ -.TH "NPM-EXPLAIN" "1" "June 2023" "" "" +.TH "NPM-EXPLAIN" "1" "July 2023" "" "" .SH "NAME" \fBnpm-explain\fR - Explain installed packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-explore.1 b/deps/npm/man/man1/npm-explore.1 index 2e9549c753aa92..ee3ee6b7d64dc8 100644 --- a/deps/npm/man/man1/npm-explore.1 +++ b/deps/npm/man/man1/npm-explore.1 @@ -1,4 +1,4 @@ -.TH "NPM-EXPLORE" "1" "June 2023" "" "" +.TH "NPM-EXPLORE" "1" "July 2023" "" "" .SH "NAME" \fBnpm-explore\fR - Browse an installed package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-find-dupes.1 b/deps/npm/man/man1/npm-find-dupes.1 index 13d9d3adebaafa..9d373635de18be 100644 --- a/deps/npm/man/man1/npm-find-dupes.1 +++ b/deps/npm/man/man1/npm-find-dupes.1 @@ -1,4 +1,4 @@ -.TH "NPM-FIND-DUPES" "1" "June 2023" "" "" +.TH "NPM-FIND-DUPES" "1" "July 2023" "" "" .SH "NAME" \fBnpm-find-dupes\fR - Find duplication in the package tree .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-fund.1 b/deps/npm/man/man1/npm-fund.1 index 074cd075823dc8..794d0431b4ed79 100644 --- a/deps/npm/man/man1/npm-fund.1 +++ b/deps/npm/man/man1/npm-fund.1 @@ -1,4 +1,4 @@ -.TH "NPM-FUND" "1" "June 2023" "" "" +.TH "NPM-FUND" "1" "July 2023" "" "" .SH "NAME" \fBnpm-fund\fR - Retrieve funding information .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-help-search.1 b/deps/npm/man/man1/npm-help-search.1 index 1de2840e884e26..0f85ec27c96f65 100644 --- a/deps/npm/man/man1/npm-help-search.1 +++ b/deps/npm/man/man1/npm-help-search.1 @@ -1,4 +1,4 @@ -.TH "NPM-HELP-SEARCH" "1" "June 2023" "" "" +.TH "NPM-HELP-SEARCH" "1" "July 2023" "" "" .SH "NAME" \fBnpm-help-search\fR - Search npm help documentation .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-help.1 b/deps/npm/man/man1/npm-help.1 index 340db5486a6451..9226fac417504f 100644 --- a/deps/npm/man/man1/npm-help.1 +++ b/deps/npm/man/man1/npm-help.1 @@ -1,4 +1,4 @@ -.TH "NPM-HELP" "1" "June 2023" "" "" +.TH "NPM-HELP" "1" "July 2023" "" "" .SH "NAME" \fBnpm-help\fR - Get help on npm .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-hook.1 b/deps/npm/man/man1/npm-hook.1 index 4dfab8c702c82e..df6ff9f56f0d66 100644 --- a/deps/npm/man/man1/npm-hook.1 +++ b/deps/npm/man/man1/npm-hook.1 @@ -1,4 +1,4 @@ -.TH "NPM-HOOK" "1" "June 2023" "" "" +.TH "NPM-HOOK" "1" "July 2023" "" "" .SH "NAME" \fBnpm-hook\fR - Manage registry hooks .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-init.1 b/deps/npm/man/man1/npm-init.1 index d74c57e3266c81..7a6722bea212f7 100644 --- a/deps/npm/man/man1/npm-init.1 +++ b/deps/npm/man/man1/npm-init.1 @@ -1,4 +1,4 @@ -.TH "NPM-INIT" "1" "June 2023" "" "" +.TH "NPM-INIT" "1" "July 2023" "" "" .SH "NAME" \fBnpm-init\fR - Create a package.json file .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-install-ci-test.1 b/deps/npm/man/man1/npm-install-ci-test.1 index 0aac5f1f874954..306c5e3e9b6895 100644 --- a/deps/npm/man/man1/npm-install-ci-test.1 +++ b/deps/npm/man/man1/npm-install-ci-test.1 @@ -1,4 +1,4 @@ -.TH "NPM-INSTALL-CI-TEST" "1" "June 2023" "" "" +.TH "NPM-INSTALL-CI-TEST" "1" "July 2023" "" "" .SH "NAME" \fBnpm-install-ci-test\fR - Install a project with a clean slate and run tests .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-install-test.1 b/deps/npm/man/man1/npm-install-test.1 index 2c80fec8d5d311..47dfcea404dcd3 100644 --- a/deps/npm/man/man1/npm-install-test.1 +++ b/deps/npm/man/man1/npm-install-test.1 @@ -1,4 +1,4 @@ -.TH "NPM-INSTALL-TEST" "1" "June 2023" "" "" +.TH "NPM-INSTALL-TEST" "1" "July 2023" "" "" .SH "NAME" \fBnpm-install-test\fR - Install package(s) and run tests .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-install.1 b/deps/npm/man/man1/npm-install.1 index 2b00bdfff809ae..1e93c6dba476e3 100644 --- a/deps/npm/man/man1/npm-install.1 +++ b/deps/npm/man/man1/npm-install.1 @@ -1,4 +1,4 @@ -.TH "NPM-INSTALL" "1" "June 2023" "" "" +.TH "NPM-INSTALL" "1" "July 2023" "" "" .SH "NAME" \fBnpm-install\fR - Install a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-link.1 b/deps/npm/man/man1/npm-link.1 index 38df2396ca9b08..9494902cf2f18a 100644 --- a/deps/npm/man/man1/npm-link.1 +++ b/deps/npm/man/man1/npm-link.1 @@ -1,4 +1,4 @@ -.TH "NPM-LINK" "1" "June 2023" "" "" +.TH "NPM-LINK" "1" "July 2023" "" "" .SH "NAME" \fBnpm-link\fR - Symlink a package folder .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-login.1 b/deps/npm/man/man1/npm-login.1 index f593dbb817ef87..fb07b4981e49a9 100644 --- a/deps/npm/man/man1/npm-login.1 +++ b/deps/npm/man/man1/npm-login.1 @@ -1,4 +1,4 @@ -.TH "NPM-LOGIN" "1" "June 2023" "" "" +.TH "NPM-LOGIN" "1" "July 2023" "" "" .SH "NAME" \fBnpm-login\fR - Login to a registry user account .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-logout.1 b/deps/npm/man/man1/npm-logout.1 index 1f3fbb5f40b0f4..9ee817a430f1fd 100644 --- a/deps/npm/man/man1/npm-logout.1 +++ b/deps/npm/man/man1/npm-logout.1 @@ -1,4 +1,4 @@ -.TH "NPM-LOGOUT" "1" "June 2023" "" "" +.TH "NPM-LOGOUT" "1" "July 2023" "" "" .SH "NAME" \fBnpm-logout\fR - Log out of the registry .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1 index f33f857414b398..18be3b12c6599e 100644 --- a/deps/npm/man/man1/npm-ls.1 +++ b/deps/npm/man/man1/npm-ls.1 @@ -1,4 +1,4 @@ -.TH "NPM-LS" "1" "June 2023" "" "" +.TH "NPM-LS" "1" "July 2023" "" "" .SH "NAME" \fBnpm-ls\fR - List installed packages .SS "Synopsis" @@ -20,7 +20,7 @@ Positional arguments are \fBname@version-range\fR identifiers, which will limit .P .RS 2 .nf -npm@9.7.2 /path/to/npm +npm@9.8.0 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 .fi diff --git a/deps/npm/man/man1/npm-org.1 b/deps/npm/man/man1/npm-org.1 index 0d1d4458e2f0c5..f4584893ab84da 100644 --- a/deps/npm/man/man1/npm-org.1 +++ b/deps/npm/man/man1/npm-org.1 @@ -1,4 +1,4 @@ -.TH "NPM-ORG" "1" "June 2023" "" "" +.TH "NPM-ORG" "1" "July 2023" "" "" .SH "NAME" \fBnpm-org\fR - Manage orgs .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-outdated.1 b/deps/npm/man/man1/npm-outdated.1 index b1665a772b0b94..0c5d218eaa3526 100644 --- a/deps/npm/man/man1/npm-outdated.1 +++ b/deps/npm/man/man1/npm-outdated.1 @@ -1,4 +1,4 @@ -.TH "NPM-OUTDATED" "1" "June 2023" "" "" +.TH "NPM-OUTDATED" "1" "July 2023" "" "" .SH "NAME" \fBnpm-outdated\fR - Check for outdated packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-owner.1 b/deps/npm/man/man1/npm-owner.1 index 16a6febff6c7c6..b2d19405e83ca5 100644 --- a/deps/npm/man/man1/npm-owner.1 +++ b/deps/npm/man/man1/npm-owner.1 @@ -1,4 +1,4 @@ -.TH "NPM-OWNER" "1" "June 2023" "" "" +.TH "NPM-OWNER" "1" "July 2023" "" "" .SH "NAME" \fBnpm-owner\fR - Manage package owners .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-pack.1 b/deps/npm/man/man1/npm-pack.1 index 7803db5d7a8f8a..38869efc2e3f26 100644 --- a/deps/npm/man/man1/npm-pack.1 +++ b/deps/npm/man/man1/npm-pack.1 @@ -1,4 +1,4 @@ -.TH "NPM-PACK" "1" "June 2023" "" "" +.TH "NPM-PACK" "1" "July 2023" "" "" .SH "NAME" \fBnpm-pack\fR - Create a tarball from a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-ping.1 b/deps/npm/man/man1/npm-ping.1 index 568a752ae79da4..fdbc131fba1438 100644 --- a/deps/npm/man/man1/npm-ping.1 +++ b/deps/npm/man/man1/npm-ping.1 @@ -1,4 +1,4 @@ -.TH "NPM-PING" "1" "June 2023" "" "" +.TH "NPM-PING" "1" "July 2023" "" "" .SH "NAME" \fBnpm-ping\fR - Ping npm registry .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-pkg.1 b/deps/npm/man/man1/npm-pkg.1 index ec10aec156d281..806a5ae62bac31 100644 --- a/deps/npm/man/man1/npm-pkg.1 +++ b/deps/npm/man/man1/npm-pkg.1 @@ -1,4 +1,4 @@ -.TH "NPM-PKG" "1" "June 2023" "" "" +.TH "NPM-PKG" "1" "July 2023" "" "" .SH "NAME" \fBnpm-pkg\fR - Manages your package.json .SS "Synopsis" @@ -10,6 +10,7 @@ npm pkg get \[lB] \[lB] ...\[rB]\[rB] npm pkg delete \[lB] ...\[rB] npm pkg set \[lB]\[lB]\[rB].= ...\[rB] npm pkg set \[lB]\[lB]\[rB].= ...\[rB] +npm pkg fix .fi .RE .SS "Description" @@ -138,6 +139,10 @@ The same syntax used to set values from your package can also be used to remove npm pkg delete scripts.build .fi .RE +.IP \(bu 4 +\fBnpm pkg fix\fR +.P +Auto corrects common errors in your \fBpackage.json\fR. npm already does this during \fBpublish\fR, which leads to subtle (mostly harmless) differences between the contents of your \fBpackage.json\fR file and the manifest that npm uses during installation. .RE 0 .SS "Workspaces support" diff --git a/deps/npm/man/man1/npm-prefix.1 b/deps/npm/man/man1/npm-prefix.1 index 9b24982794ac1b..764e9b9dc31ff4 100644 --- a/deps/npm/man/man1/npm-prefix.1 +++ b/deps/npm/man/man1/npm-prefix.1 @@ -1,4 +1,4 @@ -.TH "NPM-PREFIX" "1" "June 2023" "" "" +.TH "NPM-PREFIX" "1" "July 2023" "" "" .SH "NAME" \fBnpm-prefix\fR - Display prefix .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-profile.1 b/deps/npm/man/man1/npm-profile.1 index cc5daf398a546e..47c7d2eca05841 100644 --- a/deps/npm/man/man1/npm-profile.1 +++ b/deps/npm/man/man1/npm-profile.1 @@ -1,4 +1,4 @@ -.TH "NPM-PROFILE" "1" "June 2023" "" "" +.TH "NPM-PROFILE" "1" "July 2023" "" "" .SH "NAME" \fBnpm-profile\fR - Change settings on your registry profile .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-prune.1 b/deps/npm/man/man1/npm-prune.1 index d724cc5282c7c5..fd4492f40845ed 100644 --- a/deps/npm/man/man1/npm-prune.1 +++ b/deps/npm/man/man1/npm-prune.1 @@ -1,4 +1,4 @@ -.TH "NPM-PRUNE" "1" "June 2023" "" "" +.TH "NPM-PRUNE" "1" "July 2023" "" "" .SH "NAME" \fBnpm-prune\fR - Remove extraneous packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-publish.1 b/deps/npm/man/man1/npm-publish.1 index bb315398794607..888977f67626f3 100644 --- a/deps/npm/man/man1/npm-publish.1 +++ b/deps/npm/man/man1/npm-publish.1 @@ -1,4 +1,4 @@ -.TH "NPM-PUBLISH" "1" "June 2023" "" "" +.TH "NPM-PUBLISH" "1" "July 2023" "" "" .SH "NAME" \fBnpm-publish\fR - Publish a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-query.1 b/deps/npm/man/man1/npm-query.1 index 84dcbb9775770d..e8bda254f3e19c 100644 --- a/deps/npm/man/man1/npm-query.1 +++ b/deps/npm/man/man1/npm-query.1 @@ -1,4 +1,4 @@ -.TH "NPM-QUERY" "1" "June 2023" "" "" +.TH "NPM-QUERY" "1" "July 2023" "" "" .SH "NAME" \fBnpm-query\fR - Dependency selector query .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-rebuild.1 b/deps/npm/man/man1/npm-rebuild.1 index e0f8c8e084c297..4d7644fa5dabaa 100644 --- a/deps/npm/man/man1/npm-rebuild.1 +++ b/deps/npm/man/man1/npm-rebuild.1 @@ -1,4 +1,4 @@ -.TH "NPM-REBUILD" "1" "June 2023" "" "" +.TH "NPM-REBUILD" "1" "July 2023" "" "" .SH "NAME" \fBnpm-rebuild\fR - Rebuild a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-repo.1 b/deps/npm/man/man1/npm-repo.1 index 91d81761c10586..233ae1c8def62b 100644 --- a/deps/npm/man/man1/npm-repo.1 +++ b/deps/npm/man/man1/npm-repo.1 @@ -1,4 +1,4 @@ -.TH "NPM-REPO" "1" "June 2023" "" "" +.TH "NPM-REPO" "1" "July 2023" "" "" .SH "NAME" \fBnpm-repo\fR - Open package repository page in the browser .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-restart.1 b/deps/npm/man/man1/npm-restart.1 index 0caa8f7eea4486..5df4da83185575 100644 --- a/deps/npm/man/man1/npm-restart.1 +++ b/deps/npm/man/man1/npm-restart.1 @@ -1,4 +1,4 @@ -.TH "NPM-RESTART" "1" "June 2023" "" "" +.TH "NPM-RESTART" "1" "July 2023" "" "" .SH "NAME" \fBnpm-restart\fR - Restart a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-root.1 b/deps/npm/man/man1/npm-root.1 index e640d17e025d2a..9d7f65b1eaf15e 100644 --- a/deps/npm/man/man1/npm-root.1 +++ b/deps/npm/man/man1/npm-root.1 @@ -1,4 +1,4 @@ -.TH "NPM-ROOT" "1" "June 2023" "" "" +.TH "NPM-ROOT" "1" "July 2023" "" "" .SH "NAME" \fBnpm-root\fR - Display npm root .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-run-script.1 b/deps/npm/man/man1/npm-run-script.1 index cdd5e4ad7ddb4b..2b458fc495568e 100644 --- a/deps/npm/man/man1/npm-run-script.1 +++ b/deps/npm/man/man1/npm-run-script.1 @@ -1,4 +1,4 @@ -.TH "NPM-RUN-SCRIPT" "1" "June 2023" "" "" +.TH "NPM-RUN-SCRIPT" "1" "July 2023" "" "" .SH "NAME" \fBnpm-run-script\fR - Run arbitrary package scripts .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-search.1 b/deps/npm/man/man1/npm-search.1 index f26ddca63b832d..30a9e7c0f9371b 100644 --- a/deps/npm/man/man1/npm-search.1 +++ b/deps/npm/man/man1/npm-search.1 @@ -1,4 +1,4 @@ -.TH "NPM-SEARCH" "1" "June 2023" "" "" +.TH "NPM-SEARCH" "1" "July 2023" "" "" .SH "NAME" \fBnpm-search\fR - Search for packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-shrinkwrap.1 b/deps/npm/man/man1/npm-shrinkwrap.1 index 0d641645964db9..932c73fa284ff4 100644 --- a/deps/npm/man/man1/npm-shrinkwrap.1 +++ b/deps/npm/man/man1/npm-shrinkwrap.1 @@ -1,4 +1,4 @@ -.TH "NPM-SHRINKWRAP" "1" "June 2023" "" "" +.TH "NPM-SHRINKWRAP" "1" "July 2023" "" "" .SH "NAME" \fBnpm-shrinkwrap\fR - Lock down dependency versions for publication .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-star.1 b/deps/npm/man/man1/npm-star.1 index 2bbd7b3e2de063..83bec1215ce124 100644 --- a/deps/npm/man/man1/npm-star.1 +++ b/deps/npm/man/man1/npm-star.1 @@ -1,4 +1,4 @@ -.TH "NPM-STAR" "1" "June 2023" "" "" +.TH "NPM-STAR" "1" "July 2023" "" "" .SH "NAME" \fBnpm-star\fR - Mark your favorite packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-stars.1 b/deps/npm/man/man1/npm-stars.1 index 3f8721a2fcf260..7651506c9135ee 100644 --- a/deps/npm/man/man1/npm-stars.1 +++ b/deps/npm/man/man1/npm-stars.1 @@ -1,4 +1,4 @@ -.TH "NPM-STARS" "1" "June 2023" "" "" +.TH "NPM-STARS" "1" "July 2023" "" "" .SH "NAME" \fBnpm-stars\fR - View packages marked as favorites .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-start.1 b/deps/npm/man/man1/npm-start.1 index 27c095652c3994..6d3fa76cd86681 100644 --- a/deps/npm/man/man1/npm-start.1 +++ b/deps/npm/man/man1/npm-start.1 @@ -1,4 +1,4 @@ -.TH "NPM-START" "1" "June 2023" "" "" +.TH "NPM-START" "1" "July 2023" "" "" .SH "NAME" \fBnpm-start\fR - Start a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-stop.1 b/deps/npm/man/man1/npm-stop.1 index 14742a96d8a10a..54611e36b08633 100644 --- a/deps/npm/man/man1/npm-stop.1 +++ b/deps/npm/man/man1/npm-stop.1 @@ -1,4 +1,4 @@ -.TH "NPM-STOP" "1" "June 2023" "" "" +.TH "NPM-STOP" "1" "July 2023" "" "" .SH "NAME" \fBnpm-stop\fR - Stop a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-team.1 b/deps/npm/man/man1/npm-team.1 index abed5a5d48d008..7b806f4412061b 100644 --- a/deps/npm/man/man1/npm-team.1 +++ b/deps/npm/man/man1/npm-team.1 @@ -1,4 +1,4 @@ -.TH "NPM-TEAM" "1" "June 2023" "" "" +.TH "NPM-TEAM" "1" "July 2023" "" "" .SH "NAME" \fBnpm-team\fR - Manage organization teams and team memberships .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-test.1 b/deps/npm/man/man1/npm-test.1 index 7f4945ba882db3..5e02ed40cdb14e 100644 --- a/deps/npm/man/man1/npm-test.1 +++ b/deps/npm/man/man1/npm-test.1 @@ -1,4 +1,4 @@ -.TH "NPM-TEST" "1" "June 2023" "" "" +.TH "NPM-TEST" "1" "July 2023" "" "" .SH "NAME" \fBnpm-test\fR - Test a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-token.1 b/deps/npm/man/man1/npm-token.1 index a9aeb2f6c24f53..242c82f2feb528 100644 --- a/deps/npm/man/man1/npm-token.1 +++ b/deps/npm/man/man1/npm-token.1 @@ -1,4 +1,4 @@ -.TH "NPM-TOKEN" "1" "June 2023" "" "" +.TH "NPM-TOKEN" "1" "July 2023" "" "" .SH "NAME" \fBnpm-token\fR - Manage your authentication tokens .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-uninstall.1 b/deps/npm/man/man1/npm-uninstall.1 index b35a578da663db..d89488ffc91a22 100644 --- a/deps/npm/man/man1/npm-uninstall.1 +++ b/deps/npm/man/man1/npm-uninstall.1 @@ -1,4 +1,4 @@ -.TH "NPM-UNINSTALL" "1" "June 2023" "" "" +.TH "NPM-UNINSTALL" "1" "July 2023" "" "" .SH "NAME" \fBnpm-uninstall\fR - Remove a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-unpublish.1 b/deps/npm/man/man1/npm-unpublish.1 index 151d24baa7c8c7..faa9bd23baf2c9 100644 --- a/deps/npm/man/man1/npm-unpublish.1 +++ b/deps/npm/man/man1/npm-unpublish.1 @@ -1,4 +1,4 @@ -.TH "NPM-UNPUBLISH" "1" "June 2023" "" "" +.TH "NPM-UNPUBLISH" "1" "July 2023" "" "" .SH "NAME" \fBnpm-unpublish\fR - Remove a package from the registry .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-unstar.1 b/deps/npm/man/man1/npm-unstar.1 index 802ccf68678ed6..157e7f53fcbede 100644 --- a/deps/npm/man/man1/npm-unstar.1 +++ b/deps/npm/man/man1/npm-unstar.1 @@ -1,4 +1,4 @@ -.TH "NPM-UNSTAR" "1" "June 2023" "" "" +.TH "NPM-UNSTAR" "1" "July 2023" "" "" .SH "NAME" \fBnpm-unstar\fR - Remove an item from your favorite packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-update.1 b/deps/npm/man/man1/npm-update.1 index 787e2ee663875b..c72b717593f356 100644 --- a/deps/npm/man/man1/npm-update.1 +++ b/deps/npm/man/man1/npm-update.1 @@ -1,4 +1,4 @@ -.TH "NPM-UPDATE" "1" "June 2023" "" "" +.TH "NPM-UPDATE" "1" "July 2023" "" "" .SH "NAME" \fBnpm-update\fR - Update packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-version.1 b/deps/npm/man/man1/npm-version.1 index 3a88228dc2f261..482727246288a4 100644 --- a/deps/npm/man/man1/npm-version.1 +++ b/deps/npm/man/man1/npm-version.1 @@ -1,4 +1,4 @@ -.TH "NPM-VERSION" "1" "June 2023" "" "" +.TH "NPM-VERSION" "1" "July 2023" "" "" .SH "NAME" \fBnpm-version\fR - Bump a package version .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-view.1 b/deps/npm/man/man1/npm-view.1 index 50b8dcb5e4cfbd..ea6fdfeb518b2d 100644 --- a/deps/npm/man/man1/npm-view.1 +++ b/deps/npm/man/man1/npm-view.1 @@ -1,4 +1,4 @@ -.TH "NPM-VIEW" "1" "June 2023" "" "" +.TH "NPM-VIEW" "1" "July 2023" "" "" .SH "NAME" \fBnpm-view\fR - View registry info .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-whoami.1 b/deps/npm/man/man1/npm-whoami.1 index 7bc53ca0d7796b..799d85fc0275e3 100644 --- a/deps/npm/man/man1/npm-whoami.1 +++ b/deps/npm/man/man1/npm-whoami.1 @@ -1,4 +1,4 @@ -.TH "NPM-WHOAMI" "1" "June 2023" "" "" +.TH "NPM-WHOAMI" "1" "July 2023" "" "" .SH "NAME" \fBnpm-whoami\fR - Display npm username .SS "Synopsis" diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1 index 5aa26f5c4dd899..114d4defc34b8b 100644 --- a/deps/npm/man/man1/npm.1 +++ b/deps/npm/man/man1/npm.1 @@ -1,4 +1,4 @@ -.TH "NPM" "1" "June 2023" "" "" +.TH "NPM" "1" "July 2023" "" "" .SH "NAME" \fBnpm\fR - javascript package manager .SS "Synopsis" @@ -12,7 +12,7 @@ npm Note: This command is unaware of workspaces. .SS "Version" .P -9.7.2 +9.8.0 .SS "Description" .P npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency conflicts intelligently. diff --git a/deps/npm/man/man1/npx.1 b/deps/npm/man/man1/npx.1 index 62545305dc679e..f1c9b4cbf676ca 100644 --- a/deps/npm/man/man1/npx.1 +++ b/deps/npm/man/man1/npx.1 @@ -1,4 +1,4 @@ -.TH "NPX" "1" "June 2023" "" "" +.TH "NPX" "1" "July 2023" "" "" .SH "NAME" \fBnpx\fR - Run a command from a local or remote npm package .SS "Synopsis" diff --git a/deps/npm/man/man5/folders.5 b/deps/npm/man/man5/folders.5 index c4ddf51f87cade..3661e0bbbab59d 100644 --- a/deps/npm/man/man5/folders.5 +++ b/deps/npm/man/man5/folders.5 @@ -1,4 +1,4 @@ -.TH "FOLDERS" "5" "June 2023" "" "" +.TH "FOLDERS" "5" "July 2023" "" "" .SH "NAME" \fBfolders\fR - Folder Structures Used by npm .SS "Description" diff --git a/deps/npm/man/man5/install.5 b/deps/npm/man/man5/install.5 index 096c705950c113..efbbdccbba07d8 100644 --- a/deps/npm/man/man5/install.5 +++ b/deps/npm/man/man5/install.5 @@ -1,4 +1,4 @@ -.TH "INSTALL" "5" "June 2023" "" "" +.TH "INSTALL" "5" "July 2023" "" "" .SH "NAME" \fBinstall\fR - Download and install node and npm .SS "Description" diff --git a/deps/npm/man/man5/npm-global.5 b/deps/npm/man/man5/npm-global.5 index c4ddf51f87cade..3661e0bbbab59d 100644 --- a/deps/npm/man/man5/npm-global.5 +++ b/deps/npm/man/man5/npm-global.5 @@ -1,4 +1,4 @@ -.TH "FOLDERS" "5" "June 2023" "" "" +.TH "FOLDERS" "5" "July 2023" "" "" .SH "NAME" \fBfolders\fR - Folder Structures Used by npm .SS "Description" diff --git a/deps/npm/man/man5/npm-json.5 b/deps/npm/man/man5/npm-json.5 index 9900b815460963..f1e5784ada7682 100644 --- a/deps/npm/man/man5/npm-json.5 +++ b/deps/npm/man/man5/npm-json.5 @@ -1,4 +1,4 @@ -.TH "PACKAGE.JSON" "5" "June 2023" "" "" +.TH "PACKAGE.JSON" "5" "July 2023" "" "" .SH "NAME" \fBpackage.json\fR - Specifics of npm's package.json handling .SS "Description" diff --git a/deps/npm/man/man5/npm-shrinkwrap-json.5 b/deps/npm/man/man5/npm-shrinkwrap-json.5 index 3ac345a3452cc2..cf3e37e92253d2 100644 --- a/deps/npm/man/man5/npm-shrinkwrap-json.5 +++ b/deps/npm/man/man5/npm-shrinkwrap-json.5 @@ -1,4 +1,4 @@ -.TH "NPM-SHRINKWRAP.JSON" "5" "June 2023" "" "" +.TH "NPM-SHRINKWRAP.JSON" "5" "July 2023" "" "" .SH "NAME" \fBnpm-shrinkwrap.json\fR - A publishable lockfile .SS "Description" diff --git a/deps/npm/man/man5/npmrc.5 b/deps/npm/man/man5/npmrc.5 index 8aaab33cd74448..7b222d3736b02d 100644 --- a/deps/npm/man/man5/npmrc.5 +++ b/deps/npm/man/man5/npmrc.5 @@ -1,4 +1,4 @@ -.TH "NPMRC" "5" "June 2023" "" "" +.TH "NPMRC" "5" "July 2023" "" "" .SH "NAME" \fBnpmrc\fR - The npm config files .SS "Description" diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5 index 9900b815460963..f1e5784ada7682 100644 --- a/deps/npm/man/man5/package-json.5 +++ b/deps/npm/man/man5/package-json.5 @@ -1,4 +1,4 @@ -.TH "PACKAGE.JSON" "5" "June 2023" "" "" +.TH "PACKAGE.JSON" "5" "July 2023" "" "" .SH "NAME" \fBpackage.json\fR - Specifics of npm's package.json handling .SS "Description" diff --git a/deps/npm/man/man5/package-lock-json.5 b/deps/npm/man/man5/package-lock-json.5 index ceac876f546a5b..82435a461b88a6 100644 --- a/deps/npm/man/man5/package-lock-json.5 +++ b/deps/npm/man/man5/package-lock-json.5 @@ -1,4 +1,4 @@ -.TH "PACKAGE-LOCK.JSON" "5" "June 2023" "" "" +.TH "PACKAGE-LOCK.JSON" "5" "July 2023" "" "" .SH "NAME" \fBpackage-lock.json\fR - A manifestation of the manifest .SS "Description" diff --git a/deps/npm/man/man7/config.7 b/deps/npm/man/man7/config.7 index cec41d8d3f4b87..3bcd6075cc2235 100644 --- a/deps/npm/man/man7/config.7 +++ b/deps/npm/man/man7/config.7 @@ -1,4 +1,4 @@ -.TH "CONFIG" "7" "June 2023" "" "" +.TH "CONFIG" "7" "July 2023" "" "" .SH "NAME" \fBconfig\fR - More than you probably want to know about npm configuration .SS "Description" diff --git a/deps/npm/man/man7/dependency-selectors.7 b/deps/npm/man/man7/dependency-selectors.7 index 74767ecff53496..8e557efe93853a 100644 --- a/deps/npm/man/man7/dependency-selectors.7 +++ b/deps/npm/man/man7/dependency-selectors.7 @@ -1,4 +1,4 @@ -.TH "QUERYING" "7" "June 2023" "" "" +.TH "QUERYING" "7" "July 2023" "" "" .SH "NAME" \fBQuerying\fR - Dependency Selector Syntax & Querying .SS "Description" diff --git a/deps/npm/man/man7/developers.7 b/deps/npm/man/man7/developers.7 index 30c2c60da44c93..788ed4b9d8d457 100644 --- a/deps/npm/man/man7/developers.7 +++ b/deps/npm/man/man7/developers.7 @@ -1,4 +1,4 @@ -.TH "DEVELOPERS" "7" "June 2023" "" "" +.TH "DEVELOPERS" "7" "July 2023" "" "" .SH "NAME" \fBdevelopers\fR - Developer Guide .SS "Description" diff --git a/deps/npm/man/man7/logging.7 b/deps/npm/man/man7/logging.7 index 62ae6b1a5b1076..0c96f75c479453 100644 --- a/deps/npm/man/man7/logging.7 +++ b/deps/npm/man/man7/logging.7 @@ -1,4 +1,4 @@ -.TH "LOGGING" "7" "June 2023" "" "" +.TH "LOGGING" "7" "July 2023" "" "" .SH "NAME" \fBLogging\fR - Why, What & How We Log .SS "Description" diff --git a/deps/npm/man/man7/orgs.7 b/deps/npm/man/man7/orgs.7 index 6ebfc55f1526f0..2d0ec91b96774d 100644 --- a/deps/npm/man/man7/orgs.7 +++ b/deps/npm/man/man7/orgs.7 @@ -1,4 +1,4 @@ -.TH "ORGS" "7" "June 2023" "" "" +.TH "ORGS" "7" "July 2023" "" "" .SH "NAME" \fBorgs\fR - Working with Teams & Orgs .SS "Description" diff --git a/deps/npm/man/man7/package-spec.7 b/deps/npm/man/man7/package-spec.7 index 0e3ff55c217d5f..2d02001f93791b 100644 --- a/deps/npm/man/man7/package-spec.7 +++ b/deps/npm/man/man7/package-spec.7 @@ -1,4 +1,4 @@ -.TH "PACKAGE-SPEC" "7" "June 2023" "" "" +.TH "PACKAGE-SPEC" "7" "July 2023" "" "" .SH "NAME" \fBpackage-spec\fR - Package name specifier .SS "Description" diff --git a/deps/npm/man/man7/registry.7 b/deps/npm/man/man7/registry.7 index db66480d4465d8..9b68a2a761543b 100644 --- a/deps/npm/man/man7/registry.7 +++ b/deps/npm/man/man7/registry.7 @@ -1,4 +1,4 @@ -.TH "REGISTRY" "7" "June 2023" "" "" +.TH "REGISTRY" "7" "July 2023" "" "" .SH "NAME" \fBregistry\fR - The JavaScript Package Registry .SS "Description" diff --git a/deps/npm/man/man7/removal.7 b/deps/npm/man/man7/removal.7 index dfd9542fb278c8..1ae685b6f126e3 100644 --- a/deps/npm/man/man7/removal.7 +++ b/deps/npm/man/man7/removal.7 @@ -1,4 +1,4 @@ -.TH "REMOVAL" "7" "June 2023" "" "" +.TH "REMOVAL" "7" "July 2023" "" "" .SH "NAME" \fBremoval\fR - Cleaning the Slate .SS "Synopsis" diff --git a/deps/npm/man/man7/scope.7 b/deps/npm/man/man7/scope.7 index ac9cd5f29ee605..04dc80fd662669 100644 --- a/deps/npm/man/man7/scope.7 +++ b/deps/npm/man/man7/scope.7 @@ -1,4 +1,4 @@ -.TH "SCOPE" "7" "June 2023" "" "" +.TH "SCOPE" "7" "July 2023" "" "" .SH "NAME" \fBscope\fR - Scoped packages .SS "Description" diff --git a/deps/npm/man/man7/scripts.7 b/deps/npm/man/man7/scripts.7 index 72012d4dcd48d2..043b296f90baa5 100644 --- a/deps/npm/man/man7/scripts.7 +++ b/deps/npm/man/man7/scripts.7 @@ -1,4 +1,4 @@ -.TH "SCRIPTS" "7" "June 2023" "" "" +.TH "SCRIPTS" "7" "July 2023" "" "" .SH "NAME" \fBscripts\fR - How npm handles the "scripts" field .SS "Description" diff --git a/deps/npm/man/man7/workspaces.7 b/deps/npm/man/man7/workspaces.7 index 68dca1c75aa14b..8f11ac9a9f67f5 100644 --- a/deps/npm/man/man7/workspaces.7 +++ b/deps/npm/man/man7/workspaces.7 @@ -1,4 +1,4 @@ -.TH "WORKSPACES" "7" "June 2023" "" "" +.TH "WORKSPACES" "7" "July 2023" "" "" .SH "NAME" \fBworkspaces\fR - Working with workspaces .SS "Description" diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js index 22ea432ee48d62..020038b409bb17 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js @@ -1423,8 +1423,7 @@ module.exports = cls => class Reifier extends cls { for (const tree of updatedTrees) { // refresh the edges so they have the correct specs tree.package = tree.package - const pkgJson = await PackageJson.load(tree.path) - .catch(() => new PackageJson(tree.path)) + const pkgJson = await PackageJson.load(tree.path, { create: true }) const { dependencies = {}, devDependencies = {}, diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json index 15c0640fb90b1d..712d01b47b3345 100644 --- a/deps/npm/node_modules/@npmcli/arborist/package.json +++ b/deps/npm/node_modules/@npmcli/arborist/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/arborist", - "version": "6.2.10", + "version": "6.3.0", "description": "Manage node_modules trees", "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", @@ -10,7 +10,7 @@ "@npmcli/metavuln-calculator": "^5.0.0", "@npmcli/name-from-folder": "^2.0.0", "@npmcli/node-gyp": "^3.0.0", - "@npmcli/package-json": "^3.0.0", + "@npmcli/package-json": "^4.0.0", "@npmcli/query": "^3.0.0", "@npmcli/run-script": "^6.0.0", "bin-links": "^4.0.1", diff --git a/deps/npm/node_modules/@npmcli/package-json/lib/index.js b/deps/npm/node_modules/@npmcli/package-json/lib/index.js index 756837cdde58a0..53558a3977e4d1 100644 --- a/deps/npm/node_modules/@npmcli/package-json/lib/index.js +++ b/deps/npm/node_modules/@npmcli/package-json/lib/index.js @@ -34,7 +34,23 @@ class PackageJson { 'bin', ]) + // npm pkg fix + static fixSteps = Object.freeze([ + 'binRefs', + 'bundleDependencies', + 'bundleDependenciesFalse', + 'fixNameField', + 'fixVersionField', + 'fixRepositoryField', + 'fixBinField', + 'fixDependencies', + 'fixScriptsField', + 'devDependencies', + 'scriptpath', + ]) + static prepareSteps = Object.freeze([ + '_id', '_attributes', 'bundledDependencies', 'bundleDependencies', @@ -52,37 +68,67 @@ class PackageJson { 'binRefs', ]) - // default behavior, just loads and parses - static async load (path) { - return await new PackageJson(path).load() + // create a new empty package.json, so we can save at the given path even + // though we didn't start from a parsed file + static async create (path, opts = {}) { + const p = new PackageJson() + await p.create(path) + if (opts.data) { + return p.update(opts.data) + } + return p + } + + // Loads a package.json at given path and JSON parses + static async load (path, opts = {}) { + const p = new PackageJson() + // Avoid try/catch if we aren't going to create + if (!opts.create) { + return p.load(path) + } + + try { + return await p.load(path) + } catch (err) { + if (!err.message.startsWith('Could not read package.json')) { + throw err + } + return await p.create(path) + } + } + + // npm pkg fix + static async fix (path, opts) { + const p = new PackageJson() + await p.load(path, true) + return p.fix(opts) } // read-package-json compatible behavior static async prepare (path, opts) { - return await new PackageJson(path).prepare(opts) + const p = new PackageJson() + await p.load(path, true) + return p.prepare(opts) } // read-package-json-fast compatible behavior static async normalize (path, opts) { - return await new PackageJson(path).normalize(opts) + const p = new PackageJson() + await p.load(path) + return p.normalize(opts) } - #filename #path - #manifest = {} + #manifest #readFileContent = '' - #fromIndex = false + #canSave = true - constructor (path) { + // Load content from given path + async load (path, parseIndex) { this.#path = path - this.#filename = resolve(path, 'package.json') - } - - async load (parseIndex) { let parseErr try { - this.#readFileContent = - await readFile(this.#filename, 'utf8') + this.#readFileContent = await readFile(this.filename, 'utf8') } catch (err) { err.message = `Could not read package.json: ${err}` if (!parseIndex) { @@ -92,7 +138,7 @@ class PackageJson { } if (parseErr) { - const indexFile = resolve(this.#path, 'index.js') + const indexFile = resolve(this.path, 'index.js') let indexFileContent try { indexFileContent = await readFile(indexFile, 'utf8') @@ -100,16 +146,22 @@ class PackageJson { throw parseErr } try { - this.#manifest = fromComment(indexFileContent) + this.fromComment(indexFileContent) } catch (err) { throw parseErr } - this.#fromIndex = true + // This wasn't a package.json so prevent saving + this.#canSave = false return this } + return this.fromJSON(this.#readFileContent) + } + + // Load data from a JSON string/buffer + fromJSON (data) { try { - this.#manifest = parseJSON(this.#readFileContent) + this.#manifest = parseJSON(data) } catch (err) { err.message = `Invalid package.json: ${err}` throw err @@ -117,6 +169,27 @@ class PackageJson { return this } + // Load data from a comment + // /**package { "name": "foo", "version": "1.2.3", ... } **/ + fromComment (data) { + data = data.split(/^\/\*\*package(?:\s|$)/m) + + if (data.length < 2) { + throw new Error('File has no package in comments') + } + data = data[1] + data = data.split(/\*\*\/$/m) + + if (data.length < 2) { + throw new Error('File has no package in comments') + } + data = data[0] + data = data.replace(/^\s*\*/mg, '') + + this.#manifest = parseJSON(data) + return this + } + get content () { return this.#manifest } @@ -125,26 +198,33 @@ class PackageJson { return this.#path } + get filename () { + if (this.path) { + return resolve(this.path, 'package.json') + } + return undefined + } + + create (path) { + this.#path = path + this.#manifest = {} + return this + } + + // This should be the ONLY way to set content in the manifest update (content) { - // validates both current manifest and content param - const invalidContent = - typeof this.#manifest !== 'object' - || typeof content !== 'object' - if (invalidContent) { - throw Object.assign( - new Error(`Can't update invalid package.json data`), - { code: 'EPACKAGEJSONUPDATE' } - ) + if (!this.content) { + throw new Error('Can not update without content. Please `load` or `create`') } for (const step of knownSteps) { - this.#manifest = step({ content, originalContent: this.#manifest }) + this.#manifest = step({ content, originalContent: this.content }) } // unknown properties will just be overwitten for (const [key, value] of Object.entries(content)) { if (!knownKeys.has(key)) { - this.#manifest[key] = value + this.content[key] = value } } @@ -152,23 +232,23 @@ class PackageJson { } async save () { - if (this.#fromIndex) { + if (!this.#canSave) { throw new Error('No package.json to save to') } const { [Symbol.for('indent')]: indent, [Symbol.for('newline')]: newline, - } = this.#manifest + } = this.content const format = indent === undefined ? ' ' : indent const eol = newline === undefined ? '\n' : newline const fileContent = `${ - JSON.stringify(this.#manifest, null, format) + JSON.stringify(this.content, null, format) }\n` .replace(/\n/g, eol) if (fileContent.trim() !== this.#readFileContent.trim()) { - return await writeFile(this.#filename, fileContent) + return await writeFile(this.filename, fileContent) } } @@ -176,7 +256,6 @@ class PackageJson { if (!opts.steps) { opts.steps = this.constructor.normalizeSteps } - await this.load() await normalize(this, opts) return this } @@ -185,29 +264,16 @@ class PackageJson { if (!opts.steps) { opts.steps = this.constructor.prepareSteps } - await this.load(true) await normalize(this, opts) return this } -} - -// /**package { "name": "foo", "version": "1.2.3", ... } **/ -function fromComment (data) { - data = data.split(/^\/\*\*package(?:\s|$)/m) - if (data.length < 2) { - throw new Error('File has no package in comments') - } - data = data[1] - data = data.split(/\*\*\/$/m) - - if (data.length < 2) { - throw new Error('File has no package in comments') + async fix (opts = {}) { + // This one is not overridable + opts.steps = this.constructor.fixSteps + await normalize(this, opts) + return this } - data = data[0] - data = data.replace(/^\s*\*/mg, '') - - return parseJSON(data) } module.exports = PackageJson diff --git a/deps/npm/node_modules/@npmcli/package-json/lib/normalize.js b/deps/npm/node_modules/@npmcli/package-json/lib/normalize.js index 9594ef3d7ff4ff..726b3f031115b9 100644 --- a/deps/npm/node_modules/@npmcli/package-json/lib/normalize.js +++ b/deps/npm/node_modules/@npmcli/package-json/lib/normalize.js @@ -1,20 +1,40 @@ const fs = require('fs/promises') const { glob } = require('glob') const normalizePackageBin = require('npm-normalize-package-bin') -const normalizePackageData = require('normalize-package-data') +const legacyFixer = require('normalize-package-data/lib/fixer.js') +const legacyMakeWarning = require('normalize-package-data/lib/make_warning.js') const path = require('path') const log = require('proc-log') const git = require('@npmcli/git') -const normalize = async (pkg, { strict, steps, root }) => { +// We don't want the `changes` array in here by default because this is a hot +// path for parsing packuments during install. So the calling method passes it +// in if it wants to track changes. +const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) => { + if (!pkg.content) { + throw new Error('Can not normalize without content') + } const data = pkg.content const scripts = data.scripts || {} const pkgId = `${data.name ?? ''}@${data.version ?? ''}` + legacyFixer.warn = function () { + changes?.push(legacyMakeWarning.apply(null, arguments)) + } + + // name and version are load bearing so we have to clean them up first + if (steps.includes('fixNameField') || steps.includes('normalizeData')) { + legacyFixer.fixNameField(data, { strict, allowLegacyCase }) + } + + if (steps.includes('fixVersionField') || steps.includes('normalizeData')) { + legacyFixer.fixVersionField(data, strict) + } // remove attributes that start with "_" if (steps.includes('_attributes')) { for (const key in data) { if (key.startsWith('_')) { + changes?.push(`"${key}" was removed`) delete pkg.content[key] } } @@ -23,6 +43,7 @@ const normalize = async (pkg, { strict, steps, root }) => { // build the "_id" attribute if (steps.includes('_id')) { if (data.name && data.version) { + changes?.push(`"_id" was set to ${pkgId}`) data._id = pkgId } } @@ -32,20 +53,25 @@ const normalize = async (pkg, { strict, steps, root }) => { if (data.bundleDependencies === undefined && data.bundledDependencies !== undefined) { data.bundleDependencies = data.bundledDependencies } + changes?.push(`Deleted incorrect "bundledDependencies"`) delete data.bundledDependencies } // expand "bundleDependencies: true or translate from object" if (steps.includes('bundleDependencies')) { const bd = data.bundleDependencies if (bd === false && !steps.includes('bundleDependenciesDeleteFalse')) { + changes?.push(`"bundleDependencies" was changed from "false" to "[]"`) data.bundleDependencies = [] } else if (bd === true) { + changes?.push(`"bundleDependencies" was auto-populated from "dependencies"`) data.bundleDependencies = Object.keys(data.dependencies || {}) } else if (bd && typeof bd === 'object') { if (!Array.isArray(bd)) { + changes?.push(`"bundleDependencies" was changed from an object to an array`) data.bundleDependencies = Object.keys(bd) } } else { + changes?.push(`"bundleDependencies" was removed`) delete data.bundleDependencies } } @@ -58,9 +84,11 @@ const normalize = async (pkg, { strict, steps, root }) => { if (data.dependencies && data.optionalDependencies && typeof data.optionalDependencies === 'object') { for (const name in data.optionalDependencies) { + changes?.push(`optionalDependencies entry "${name}" was removed`) delete data.dependencies[name] } if (!Object.keys(data.dependencies).length) { + changes?.push(`empty "optionalDependencies" was removed`) delete data.dependencies } } @@ -74,6 +102,8 @@ const normalize = async (pkg, { strict, steps, root }) => { scripts.install = 'node-gyp rebuild' data.scripts = scripts data.gypfile = true + changes?.push(`"scripts.install" was set to "node-gyp rebuild"`) + changes?.push(`"gypfile" was set to "true"`) } } } @@ -84,6 +114,7 @@ const normalize = async (pkg, { strict, steps, root }) => { await fs.access(path.join(pkg.path, 'server.js')) scripts.start = 'node server.js' data.scripts = scripts + changes?.push('"scripts.start" was set to "node server.js"') } catch { // do nothing } @@ -96,11 +127,14 @@ const normalize = async (pkg, { strict, steps, root }) => { for (const name in data.scripts) { if (typeof data.scripts[name] !== 'string') { delete data.scripts[name] + changes?.push(`invalid scripts entry "${name}" was removed`) } else if (steps.includes('scriptpath')) { data.scripts[name] = data.scripts[name].replace(spre, '') + changes?.push(`scripts entry "${name}" was fixed to remove node_modules/.bin reference`) } } } else { + changes?.push(`removed invalid "scripts"`) delete data.scripts } } @@ -108,6 +142,7 @@ const normalize = async (pkg, { strict, steps, root }) => { if (steps.includes('funding')) { if (data.funding && typeof data.funding === 'string') { data.funding = { url: data.funding } + changes?.push(`"funding" was changed to an object with a url attribute`) } } @@ -119,6 +154,7 @@ const normalize = async (pkg, { strict, steps, root }) => { .map(line => line.replace(/^\s*#.*$/, '').trim()) .filter(line => line) data.contributors = authors + changes.push('"contributors" was auto-populated with the contents of the "AUTHORS" file') } catch { // do nothing } @@ -145,6 +181,12 @@ const normalize = async (pkg, { strict, steps, root }) => { const readmeData = await fs.readFile(path.join(pkg.path, readmeFile), 'utf8') data.readme = readmeData data.readmeFilename = readmeFile + changes?.push(`"readme" was set to the contents of ${readmeFile}`) + changes?.push(`"readmeFilename" was set to ${readmeFile}`) + } + if (!data.readme) { + // this.warn('missingReadme') + data.readme = 'ERROR: No README data found!' } } @@ -270,9 +312,47 @@ const normalize = async (pkg, { strict, steps, root }) => { } } - // "normalizeData" from read-package-json + // "normalizeData" from "read-package-json", which was just a call through to + // "normalize-package-data". We only call the "fixer" functions because + // outside of that it was also clobbering _id (which we already conditionally + // do) and also adding the gypfile script (which we also already + // conditionally do) + + // Some steps are isolated so we can do a limited subset of these in `fix` + if (steps.includes('fixRepositoryField') || steps.includes('normalizeData')) { + legacyFixer.fixRepositoryField(data) + } + + if (steps.includes('fixBinField') || steps.includes('normalizeData')) { + legacyFixer.fixBinField(data) + } + + if (steps.includes('fixDependencies') || steps.includes('normalizeData')) { + legacyFixer.fixDependencies(data, strict) + } + + if (steps.includes('fixScriptsField') || steps.includes('normalizeData')) { + legacyFixer.fixScriptsField(data) + } + if (steps.includes('normalizeData')) { - normalizePackageData(data, strict) + const legacySteps = [ + 'fixDescriptionField', + 'fixModulesField', + 'fixFilesField', + 'fixManField', + 'fixBugsField', + 'fixKeywordsField', + 'fixBundleDependenciesField', + 'fixHomepageField', + 'fixReadmeField', + 'fixLicenseField', + 'fixPeople', + 'fixTypos', + ] + for (const legacyStep of legacySteps) { + legacyFixer[legacyStep](data) + } } // Warn if the bin references don't point to anything. This might be better diff --git a/deps/npm/node_modules/@npmcli/package-json/package.json b/deps/npm/node_modules/@npmcli/package-json/package.json index a4e2cbab4c0bdd..4b9584dcad3707 100644 --- a/deps/npm/node_modules/@npmcli/package-json/package.json +++ b/deps/npm/node_modules/@npmcli/package-json/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/package-json", - "version": "3.1.1", + "version": "4.0.0", "description": "Programmatic API to update package.json", "main": "lib/index.js", "files": [ diff --git a/deps/npm/node_modules/@sigstore/tuf/package.json b/deps/npm/node_modules/@sigstore/tuf/package.json index 241dc32b3c8a9e..286d481a4d39fc 100644 --- a/deps/npm/node_modules/@sigstore/tuf/package.json +++ b/deps/npm/node_modules/@sigstore/tuf/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/tuf", - "version": "1.0.0", + "version": "1.0.2", "description": "Client for the Sigstore TUF repository", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -27,17 +27,13 @@ "provenance": true }, "devDependencies": { - "@total-typescript/shoehorn": "^0.1.0", + "@sigstore/jest": "^0.0.0", "@tufjs/repo-mock": "^1.1.0", - "@types/node": "^20.2.5", - "nock": "^13.2.4", - "shx": "^0.3.3", - "typescript": "^5.1.3" + "@types/make-fetch-happen": "^10.0.0" }, "dependencies": { "@sigstore/protobuf-specs": "^0.1.0", - "tuf-js": "^1.1.3", - "make-fetch-happen": "^11.0.1" + "tuf-js": "^1.1.7" }, "engines": { "node": "^14.17.0 || ^16.13.0 || >=18.0.0" diff --git a/deps/npm/node_modules/libnpmdiff/package.json b/deps/npm/node_modules/libnpmdiff/package.json index d785ba9131f8a3..2ef51fb8e03b70 100644 --- a/deps/npm/node_modules/libnpmdiff/package.json +++ b/deps/npm/node_modules/libnpmdiff/package.json @@ -1,6 +1,6 @@ { "name": "libnpmdiff", - "version": "5.0.18", + "version": "5.0.19", "description": "The registry diff", "repository": { "type": "git", @@ -46,7 +46,7 @@ "tap": "^16.3.4" }, "dependencies": { - "@npmcli/arborist": "^6.2.10", + "@npmcli/arborist": "^6.3.0", "@npmcli/disparity-colors": "^3.0.0", "@npmcli/installed-package-contents": "^2.0.2", "binary-extensions": "^2.2.0", diff --git a/deps/npm/node_modules/libnpmexec/package.json b/deps/npm/node_modules/libnpmexec/package.json index 8a908625c887cd..290d895f5ee60e 100644 --- a/deps/npm/node_modules/libnpmexec/package.json +++ b/deps/npm/node_modules/libnpmexec/package.json @@ -1,6 +1,6 @@ { "name": "libnpmexec", - "version": "6.0.1", + "version": "6.0.2", "files": [ "bin/", "lib/" @@ -59,7 +59,7 @@ "tap": "^16.3.4" }, "dependencies": { - "@npmcli/arborist": "^6.2.10", + "@npmcli/arborist": "^6.3.0", "@npmcli/run-script": "^6.0.0", "ci-info": "^3.7.1", "npm-package-arg": "^10.1.0", diff --git a/deps/npm/node_modules/libnpmfund/package.json b/deps/npm/node_modules/libnpmfund/package.json index 447653152811e3..8e0b6d083715e3 100644 --- a/deps/npm/node_modules/libnpmfund/package.json +++ b/deps/npm/node_modules/libnpmfund/package.json @@ -1,6 +1,6 @@ { "name": "libnpmfund", - "version": "4.0.18", + "version": "4.0.19", "main": "lib/index.js", "files": [ "bin/", @@ -45,7 +45,7 @@ "tap": "^16.3.4" }, "dependencies": { - "@npmcli/arborist": "^6.2.10" + "@npmcli/arborist": "^6.3.0" }, "engines": { "node": "^14.17.0 || ^16.13.0 || >=18.0.0" diff --git a/deps/npm/node_modules/libnpmpack/package.json b/deps/npm/node_modules/libnpmpack/package.json index 294bb7a82ed5b3..12cf7aa8ee3b10 100644 --- a/deps/npm/node_modules/libnpmpack/package.json +++ b/deps/npm/node_modules/libnpmpack/package.json @@ -1,6 +1,6 @@ { "name": "libnpmpack", - "version": "5.0.18", + "version": "5.0.19", "description": "Programmatic API for the bits behind npm pack", "author": "GitHub Inc.", "main": "lib/index.js", @@ -36,7 +36,7 @@ "bugs": "https://github.com/npm/libnpmpack/issues", "homepage": "https://npmjs.com/package/libnpmpack", "dependencies": { - "@npmcli/arborist": "^6.2.10", + "@npmcli/arborist": "^6.3.0", "@npmcli/run-script": "^6.0.0", "npm-package-arg": "^10.1.0", "pacote": "^15.0.8" diff --git a/deps/npm/node_modules/libnpmpublish/lib/provenance.js b/deps/npm/node_modules/libnpmpublish/lib/provenance.js index 19859e9dd6f614..398db1b4cd4671 100644 --- a/deps/npm/node_modules/libnpmpublish/lib/provenance.js +++ b/deps/npm/node_modules/libnpmpublish/lib/provenance.js @@ -4,12 +4,13 @@ const ci = require('ci-info') const { env } = process const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json' -const INTOTO_STATEMENT_TYPE = 'https://in-toto.io/Statement/v0.1' -const SLSA_PREDICATE_TYPE = 'https://slsa.dev/provenance/v0.2' +const INTOTO_STATEMENT_V01_TYPE = 'https://in-toto.io/Statement/v0.1' +const INTOTO_STATEMENT_V1_TYPE = 'https://in-toto.io/Statement/v1' +const SLSA_PREDICATE_V02_TYPE = 'https://slsa.dev/provenance/v0.2' +const SLSA_PREDICATE_V1_TYPE = 'https://slsa.dev/provenance/v1' -const GITHUB_BUILDER_ID = 'https://github.com/actions/runner' -const GITHUB_BUILD_TYPE_PREFIX = 'https://github.com/npm/cli/gha' -const GITHUB_BUILD_TYPE_VERSION = 'v2' +const GITHUB_BUILDER_ID_PREFIX = 'https://github.com/actions/runner' +const GITHUB_BUILD_TYPE = 'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1' const GITLAB_BUILD_TYPE_PREFIX = 'https://github.com/npm/cli/gitlab' const GITLAB_BUILD_TYPE_VERSION = 'v0alpha1' @@ -18,63 +19,54 @@ const generateProvenance = async (subject, opts) => { let payload if (ci.GITHUB_ACTIONS) { /* istanbul ignore next - not covering missing env var case */ - const [workflowPath] = (env.GITHUB_WORKFLOW_REF || '') + const [workflowPath, workflowRef] = (env.GITHUB_WORKFLOW_REF || '') .replace(env.GITHUB_REPOSITORY + '/', '') .split('@') payload = { - _type: INTOTO_STATEMENT_TYPE, + _type: INTOTO_STATEMENT_V1_TYPE, subject, - predicateType: SLSA_PREDICATE_TYPE, + predicateType: SLSA_PREDICATE_V1_TYPE, predicate: { - buildType: `${GITHUB_BUILD_TYPE_PREFIX}/${GITHUB_BUILD_TYPE_VERSION}`, - builder: { id: GITHUB_BUILDER_ID }, - invocation: { - configSource: { - uri: `git+${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}@${env.GITHUB_REF}`, - digest: { - sha1: env.GITHUB_SHA, + buildDefinition: { + buildType: GITHUB_BUILD_TYPE, + externalParameters: { + workflow: { + ref: workflowRef, + repository: `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}`, + path: workflowPath, }, - entryPoint: workflowPath, }, - parameters: {}, - environment: { - GITHUB_EVENT_NAME: env.GITHUB_EVENT_NAME, - GITHUB_REF: env.GITHUB_REF, - GITHUB_REPOSITORY: env.GITHUB_REPOSITORY, - GITHUB_REPOSITORY_ID: env.GITHUB_REPOSITORY_ID, - GITHUB_REPOSITORY_OWNER_ID: env.GITHUB_REPOSITORY_OWNER_ID, - GITHUB_RUN_ATTEMPT: env.GITHUB_RUN_ATTEMPT, - GITHUB_RUN_ID: env.GITHUB_RUN_ID, - GITHUB_SHA: env.GITHUB_SHA, - GITHUB_WORKFLOW_REF: env.GITHUB_WORKFLOW_REF, - GITHUB_WORKFLOW_SHA: env.GITHUB_WORKFLOW_SHA, + internalParameters: { + github: { + event_name: env.GITHUB_EVENT_NAME, + repository_id: env.GITHUB_REPOSITORY_ID, + repository_owner_id: env.GITHUB_REPOSITORY_OWNER_ID, + }, }, + resolvedDependencies: [ + { + uri: `git+${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}@${env.GITHUB_REF}`, + digest: { + gitCommit: env.GITHUB_SHA, + }, + }, + ], }, - metadata: { - buildInvocationId: `${env.GITHUB_RUN_ID}-${env.GITHUB_RUN_ATTEMPT}`, - completeness: { - parameters: false, - environment: false, - materials: false, + runDetails: { + builder: { id: `${GITHUB_BUILDER_ID_PREFIX}/${env.RUNNER_ENVIRONMENT}` }, + metadata: { + /* eslint-disable-next-line max-len */ + invocationId: `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}/actions/runs/${env.GITHUB_RUN_ID}/attempts/${env.GITHUB_RUN_ATTEMPT}`, }, - reproducible: false, }, - materials: [ - { - uri: `git+${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}@${env.GITHUB_REF}`, - digest: { - sha1: env.GITHUB_SHA, - }, - }, - ], }, } } if (ci.GITLAB) { payload = { - _type: INTOTO_STATEMENT_TYPE, + _type: INTOTO_STATEMENT_V01_TYPE, subject, - predicateType: SLSA_PREDICATE_TYPE, + predicateType: SLSA_PREDICATE_V02_TYPE, predicate: { buildType: `${GITLAB_BUILD_TYPE_PREFIX}/${GITLAB_BUILD_TYPE_VERSION}`, builder: { id: `${env.CI_PROJECT_URL}/-/runners/${env.CI_RUNNER_ID}` }, diff --git a/deps/npm/node_modules/libnpmpublish/package.json b/deps/npm/node_modules/libnpmpublish/package.json index 151f455afb6e82..6ea6a7181b0b71 100644 --- a/deps/npm/node_modules/libnpmpublish/package.json +++ b/deps/npm/node_modules/libnpmpublish/package.json @@ -1,6 +1,6 @@ { "name": "libnpmpublish", - "version": "7.4.0", + "version": "7.5.0", "description": "Programmatic API for the bits behind npm publish and unpublish", "author": "GitHub Inc.", "main": "lib/index.js", diff --git a/deps/npm/node_modules/sigstore/dist/config.d.ts b/deps/npm/node_modules/sigstore/dist/config.d.ts index 4adf79d33052c6..89f42038099530 100644 --- a/deps/npm/node_modules/sigstore/dist/config.d.ts +++ b/deps/npm/node_modules/sigstore/dist/config.d.ts @@ -39,6 +39,9 @@ export type VerifyOptions = { certificateOIDs?: Record; keySelector?: KeySelector; } & TLogOptions & TUFOptions; +export type CreateVerifierOptions = { + keySelector?: KeySelector; +} & TUFOptions; export declare const DEFAULT_FULCIO_URL = "https://fulcio.sigstore.dev"; export declare const DEFAULT_REKOR_URL = "https://rekor.sigstore.dev"; export declare const DEFAULT_RETRY: Retry; diff --git a/deps/npm/node_modules/sigstore/dist/external/rekor.d.ts b/deps/npm/node_modules/sigstore/dist/external/rekor.d.ts index d8cb23b1e33fbc..6729ad3e2aacf6 100644 --- a/deps/npm/node_modules/sigstore/dist/external/rekor.d.ts +++ b/deps/npm/node_modules/sigstore/dist/external/rekor.d.ts @@ -1,6 +1,6 @@ -import type { LogEntry, ProposedEntry, ProposedDSSEEntry, ProposedHashedRekordEntry, ProposedIntotoEntry, SearchIndex, SearchLogQuery } from '@sigstore/rekor-types'; +import type { LogEntry, ProposedDSSEEntry, ProposedEntry, ProposedHashedRekordEntry, ProposedIntotoEntry, InclusionProof as RekorInclusionProof, SearchIndex, SearchLogQuery } from '@sigstore/rekor-types'; import type { FetchOptions } from '../types/fetch'; -export type { ProposedEntry, SearchIndex, SearchLogQuery, ProposedDSSEEntry, ProposedHashedRekordEntry, ProposedIntotoEntry, }; +export type { ProposedDSSEEntry, ProposedEntry, ProposedHashedRekordEntry, ProposedIntotoEntry, RekorInclusionProof, SearchIndex, SearchLogQuery, }; export type Entry = { uuid: string; } & LogEntry['x']; diff --git a/deps/npm/node_modules/sigstore/dist/merkle/digest.d.ts b/deps/npm/node_modules/sigstore/dist/merkle/digest.d.ts deleted file mode 100644 index 5c692214f91a01..00000000000000 --- a/deps/npm/node_modules/sigstore/dist/merkle/digest.d.ts +++ /dev/null @@ -1,8 +0,0 @@ -/// -export declare class Hasher { - private algorithm; - constructor(algorithm?: string); - size(): number; - hashLeaf(leaf: Buffer): Buffer; - hashChildren(l: Buffer, r: Buffer): Buffer; -} diff --git a/deps/npm/node_modules/sigstore/dist/merkle/digest.js b/deps/npm/node_modules/sigstore/dist/merkle/digest.js deleted file mode 100644 index 5b7ff04a506aef..00000000000000 --- a/deps/npm/node_modules/sigstore/dist/merkle/digest.js +++ /dev/null @@ -1,48 +0,0 @@ -"use strict"; -/* -Copyright 2022 GitHub, Inc - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -var __importDefault = (this && this.__importDefault) || function (mod) { - return (mod && mod.__esModule) ? mod : { "default": mod }; -}; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.Hasher = void 0; -const crypto_1 = __importDefault(require("crypto")); -const RFC6962LeafHashPrefix = Buffer.from([0x00]); -const RFC6962NodeHashPrefix = Buffer.from([0x01]); -// Implements Merkle Tree Hash logic according to RFC6962. -// https://datatracker.ietf.org/doc/html/rfc6962#section-2 -class Hasher { - constructor(algorithm = 'sha256') { - this.algorithm = algorithm; - } - size() { - return crypto_1.default.createHash(this.algorithm).digest().length; - } - hashLeaf(leaf) { - const hasher = crypto_1.default.createHash(this.algorithm); - hasher.update(RFC6962LeafHashPrefix); - hasher.update(leaf); - return hasher.digest(); - } - hashChildren(l, r) { - const hasher = crypto_1.default.createHash(this.algorithm); - hasher.update(RFC6962NodeHashPrefix); - hasher.update(l); - hasher.update(r); - return hasher.digest(); - } -} -exports.Hasher = Hasher; diff --git a/deps/npm/node_modules/sigstore/dist/merkle/index.d.ts b/deps/npm/node_modules/sigstore/dist/merkle/index.d.ts deleted file mode 100644 index d8ffe7c03fb7d8..00000000000000 --- a/deps/npm/node_modules/sigstore/dist/merkle/index.d.ts +++ /dev/null @@ -1,2 +0,0 @@ -export { Hasher } from './digest'; -export { verifyInclusion } from './verify'; diff --git a/deps/npm/node_modules/sigstore/dist/merkle/index.js b/deps/npm/node_modules/sigstore/dist/merkle/index.js deleted file mode 100644 index 2dd39f10b646d4..00000000000000 --- a/deps/npm/node_modules/sigstore/dist/merkle/index.js +++ /dev/null @@ -1,22 +0,0 @@ -"use strict"; -/* -Copyright 2022 GitHub, Inc - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -Object.defineProperty(exports, "__esModule", { value: true }); -exports.verifyInclusion = exports.Hasher = void 0; -var digest_1 = require("./digest"); -Object.defineProperty(exports, "Hasher", { enumerable: true, get: function () { return digest_1.Hasher; } }); -var verify_1 = require("./verify"); -Object.defineProperty(exports, "verifyInclusion", { enumerable: true, get: function () { return verify_1.verifyInclusion; } }); diff --git a/deps/npm/node_modules/sigstore/dist/merkle/verify.d.ts b/deps/npm/node_modules/sigstore/dist/merkle/verify.d.ts deleted file mode 100644 index b1b28b7bfc10c6..00000000000000 --- a/deps/npm/node_modules/sigstore/dist/merkle/verify.d.ts +++ /dev/null @@ -1,3 +0,0 @@ -/// -import { Hasher } from './digest'; -export declare function verifyInclusion(hasher: Hasher, index: bigint, size: bigint, leafHash: Buffer, proof: Buffer[], root: Buffer): boolean; diff --git a/deps/npm/node_modules/sigstore/dist/merkle/verify.js b/deps/npm/node_modules/sigstore/dist/merkle/verify.js deleted file mode 100644 index 345543425aa08b..00000000000000 --- a/deps/npm/node_modules/sigstore/dist/merkle/verify.js +++ /dev/null @@ -1,78 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.verifyInclusion = void 0; -/* -Copyright 2022 GitHub, Inc - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Implementation largely copied from -// https://github.com/transparency-dev/merkle/blob/main/proof/verify.go#L46 -// Verifies the correctness of the inclusion proof for the given leaf hash -// and index relative to the tree of the given size and root hash. -function verifyInclusion(hasher, index, size, leafHash, proof, root) { - const calcroot = rootFromInclusionProof(hasher, index, size, leafHash, proof); - return calcroot.equals(root); -} -exports.verifyInclusion = verifyInclusion; -// Calculates the expected root hash for a tree of the given size, provided a -// leaf index and hash with corresponding inclusion proof. -function rootFromInclusionProof(hasher, index, size, leafHash, proof) { - if (index >= size) { - throw new Error('index exceeds size of tree'); - } - if (leafHash.length !== hasher.size()) { - throw new Error('leafHash has unexpected size'); - } - const { inner, border } = decompInclProof(index, size); - if (proof.length != inner + border) { - throw new Error('invalid proof length'); - } - let hash = chainInner(hasher, leafHash, proof.slice(0, inner), index); - hash = chainBorderRight(hasher, hash, proof.slice(inner)); - return hash; -} -// Breaks down inclusion proof for a leaf at the specified index in a tree of -// the specified size. The split point is where paths to the index leaf and -// the (size - 1) leaf diverge. Returns lengths of the bottom and upper proof -// parts. -function decompInclProof(index, size) { - const inner = innerProofSize(index, size); - const border = onesCount(index >> BigInt(inner)); - return { inner, border }; -} -// Computes a subtree hash for an node on or below the tree's right border. -// Assumes the provided proof hashes are ordered from lower to higher levels -// and seed is the initial hash of the node specified by the index. -function chainInner(hasher, seed, proof, index) { - return proof.reduce((acc, h, i) => { - if ((index >> BigInt(i)) & BigInt(1)) { - return hasher.hashChildren(h, acc); - } - else { - return hasher.hashChildren(acc, h); - } - }, seed); -} -// Computes a subtree hash for nodes along the tree's right border. -function chainBorderRight(hasher, seed, proof) { - return proof.reduce((acc, h) => hasher.hashChildren(h, acc), seed); -} -function innerProofSize(index, size) { - return (index ^ (size - BigInt(1))).toString(2).length; -} -// Counts the number of ones in the binary representation of the given number. -// https://en.wikipedia.org/wiki/Hamming_weight -function onesCount(x) { - return x.toString(2).split('1').length - 1; -} diff --git a/deps/npm/node_modules/sigstore/dist/sigstore-utils.js b/deps/npm/node_modules/sigstore/dist/sigstore-utils.js index 13410520472294..dc75692f40bf02 100644 --- a/deps/npm/node_modules/sigstore/dist/sigstore-utils.js +++ b/deps/npm/node_modules/sigstore/dist/sigstore-utils.js @@ -75,6 +75,6 @@ async function createRekorEntry(dsseEnvelope, publicKey, options = {}) { signature: sigMaterial, tlogEntry: entry, }); - return sigstore.Bundle.toJSON(bundle); + return sigstore.bundleToJSON(bundle); } exports.createRekorEntry = createRekorEntry; diff --git a/deps/npm/node_modules/sigstore/dist/sigstore.d.ts b/deps/npm/node_modules/sigstore/dist/sigstore.d.ts index dc7e7070f7141b..1da5e8ecc5fe5b 100644 --- a/deps/npm/node_modules/sigstore/dist/sigstore.d.ts +++ b/deps/npm/node_modules/sigstore/dist/sigstore.d.ts @@ -5,6 +5,10 @@ import * as sigstore from './types/sigstore'; export declare function sign(payload: Buffer, options?: config.SignOptions): Promise; export declare function attest(payload: Buffer, payloadType: string, options?: config.SignOptions): Promise; export declare function verify(bundle: sigstore.SerializedBundle, payload?: Buffer, options?: config.VerifyOptions): Promise; +export interface BundleVerifier { + verify(bundle: sigstore.SerializedBundle): void; +} +export declare function createVerifier(options: config.CreateVerifierOptions): Promise; declare const tufUtils: { client: (options?: config.TUFOptions) => Promise; getTarget: (path: string, options?: config.TUFOptions) => Promise; diff --git a/deps/npm/node_modules/sigstore/dist/sigstore.js b/deps/npm/node_modules/sigstore/dist/sigstore.js index a14c5957954d80..dca476dd292030 100644 --- a/deps/npm/node_modules/sigstore/dist/sigstore.js +++ b/deps/npm/node_modules/sigstore/dist/sigstore.js @@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) { return result; }; Object.defineProperty(exports, "__esModule", { value: true }); -exports.DEFAULT_REKOR_URL = exports.DEFAULT_FULCIO_URL = exports.tuf = exports.utils = exports.VerificationError = exports.ValidationError = exports.PolicyError = exports.InternalError = exports.verify = exports.attest = exports.sign = void 0; +exports.DEFAULT_REKOR_URL = exports.DEFAULT_FULCIO_URL = exports.tuf = exports.utils = exports.VerificationError = exports.ValidationError = exports.PolicyError = exports.InternalError = exports.createVerifier = exports.verify = exports.attest = exports.sign = void 0; /* Copyright 2023 The Sigstore Authors. @@ -57,7 +57,7 @@ async function sign(payload, options = {}) { tlogUpload: options.tlogUpload, }); const bundle = await signer.signBlob(payload); - return sigstore.Bundle.toJSON(bundle); + return sigstore.bundleToJSON(bundle); } exports.sign = sign; async function attest(payload, payloadType, options = {}) { @@ -75,7 +75,7 @@ async function attest(payload, payloadType, options = {}) { tlogUpload: options.tlogUpload, }); const bundle = await signer.signAttestation(payload, payloadType); - return sigstore.Bundle.toJSON(bundle); + return sigstore.bundleToJSON(bundle); } exports.attest = attest; async function verify(bundle, payload, options = {}) { @@ -92,6 +92,24 @@ async function verify(bundle, payload, options = {}) { return verifier.verify(deserializedBundle, opts, payload); } exports.verify = verify; +async function createVerifier(options) { + const trustedRoot = await tuf.getTrustedRoot({ + mirrorURL: options.tufMirrorURL, + rootPath: options.tufRootPath, + cachePath: options.tufCachePath, + retry: options.retry ?? config.DEFAULT_RETRY, + timeout: options.timeout ?? config.DEFAULT_TIMEOUT, + }); + const verifier = new verify_1.Verifier(trustedRoot, options.keySelector); + const verifyOpts = config.artifactVerificationOptions(options); + return { + verify: (bundle) => { + const deserializedBundle = sigstore.bundleFromJSON(bundle); + return verifier.verify(deserializedBundle, verifyOpts); + }, + }; +} +exports.createVerifier = createVerifier; const tufUtils = { client: (options = {}) => { return tuf.initTUF({ diff --git a/deps/npm/node_modules/sigstore/dist/tlog/verify/index.d.ts b/deps/npm/node_modules/sigstore/dist/tlog/verify/index.d.ts index 8ab42760389ad5..4f96f820731f03 100644 --- a/deps/npm/node_modules/sigstore/dist/tlog/verify/index.d.ts +++ b/deps/npm/node_modules/sigstore/dist/tlog/verify/index.d.ts @@ -1,2 +1,2 @@ import * as sigstore from '../../types/sigstore'; -export declare function verifyTLogEntries(bundle: sigstore.BundleWithVerificationMaterial, trustedRoot: sigstore.TrustedRoot, options: sigstore.ArtifactVerificationOptions_TlogOptions): void; +export declare function verifyTLogEntries(bundle: sigstore.Bundle, trustedRoot: sigstore.TrustedRoot, options: sigstore.ArtifactVerificationOptions_TlogOptions): void; diff --git a/deps/npm/node_modules/sigstore/dist/tlog/verify/index.js b/deps/npm/node_modules/sigstore/dist/tlog/verify/index.js index ad655b643e1091..cbb93133c2685f 100644 --- a/deps/npm/node_modules/sigstore/dist/tlog/verify/index.js +++ b/deps/npm/node_modules/sigstore/dist/tlog/verify/index.js @@ -41,6 +41,7 @@ limitations under the License. */ const error_1 = require("../../error"); const sigstore = __importStar(require("../../types/sigstore")); +const cert_1 = require("../../x509/cert"); const body_1 = require("./body"); const set_1 = require("./set"); // Verifies that the number of tlog entries that pass offline verification @@ -50,7 +51,7 @@ function verifyTLogEntries(bundle, trustedRoot, options) { throw new error_1.VerificationError('Online verification not implemented'); } // Extract the signing cert, if available - const signingCert = sigstore.signingCertificate(bundle); + const signingCert = signingCertificate(bundle); // Iterate over the tlog entries and verify each one const verifiedEntries = bundle.verificationMaterial.tlogEntries.filter((entry) => verifyTLogEntryOffline(entry, bundle.content, trustedRoot.tlogs, signingCert)); if (verifiedEntries.length < options.threshold) { @@ -73,3 +74,10 @@ function verifyTLogEntryOffline(entry, bundleContent, tlogs, signingCert) { (0, set_1.verifyTLogSET)(entry, tlogs) && verifyTLogIntegrationTime()); } +function signingCertificate(bundle) { + if (!sigstore.isBundleWithCertificateChain(bundle)) { + return undefined; + } + const signingCert = bundle.verificationMaterial.content.x509CertificateChain.certificates[0]; + return cert_1.x509Certificate.parse(signingCert.rawBytes); +} diff --git a/deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.d.ts b/deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.d.ts new file mode 100644 index 00000000000000..a2c47626d01f84 --- /dev/null +++ b/deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.d.ts @@ -0,0 +1,2 @@ +import * as sigstore from '../../types/sigstore'; +export declare function verifyMerkleInclusion(entry: sigstore.TransparencyLogEntry): boolean; diff --git a/deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.js b/deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.js new file mode 100644 index 00000000000000..90609cb73576fe --- /dev/null +++ b/deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.js @@ -0,0 +1,109 @@ +"use strict"; +var __importDefault = (this && this.__importDefault) || function (mod) { + return (mod && mod.__esModule) ? mod : { "default": mod }; +}; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.verifyMerkleInclusion = void 0; +/* +Copyright 2023 The Sigstore Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +const crypto_1 = __importDefault(require("crypto")); +const error_1 = require("../../error"); +const RFC6962_LEAF_HASH_PREFIX = Buffer.from([0x00]); +const RFC6962_NODE_HASH_PREFIX = Buffer.from([0x01]); +function verifyMerkleInclusion(entry) { + const inclusionProof = entry.inclusionProof; + if (!inclusionProof) { + throw new error_1.VerificationError('tlog entry has no inclusion proof'); + } + const logIndex = BigInt(inclusionProof.logIndex); + const treeSize = BigInt(inclusionProof.treeSize); + if (logIndex < 0n || logIndex >= treeSize) { + throw new error_1.VerificationError('invalid inclusion proof index'); + } + // Figure out which subset of hashes corresponds to the inner and border + // nodes + const { inner, border } = decompInclProof(logIndex, treeSize); + if (inclusionProof.hashes.length !== inner + border) { + throw new error_1.VerificationError('invalid inclusion proof length'); + } + const innerHashes = inclusionProof.hashes.slice(0, inner); + const borderHashes = inclusionProof.hashes.slice(inner); + // The entry's hash is the leaf hash + const leafHash = hashLeaf(entry.canonicalizedBody); + // Chain the hashes belonging to the inner and border portions + const calculatedHash = chainBorderRight(chainInner(leafHash, innerHashes, logIndex), borderHashes); + // Calculated hash should match the root hash in the inclusion proof + return bufferEqual(calculatedHash, inclusionProof.rootHash); +} +exports.verifyMerkleInclusion = verifyMerkleInclusion; +// Breaks down inclusion proof for a leaf at the specified index in a tree of +// the specified size. The split point is where paths to the index leaf and +// the (size - 1) leaf diverge. Returns lengths of the bottom and upper proof +// parts. +function decompInclProof(index, size) { + const inner = innerProofSize(index, size); + const border = onesCount(index >> BigInt(inner)); + return { inner, border }; +} +// Computes a subtree hash for a node on or below the tree's right border. +// Assumes the provided proof hashes are ordered from lower to higher levels +// and seed is the initial hash of the node specified by the index. +function chainInner(seed, hashes, index) { + return hashes.reduce((acc, h, i) => { + if ((index >> BigInt(i)) & BigInt(1)) { + return hashChildren(h, acc); + } + else { + return hashChildren(acc, h); + } + }, seed); +} +// Computes a subtree hash for nodes along the tree's right border. +function chainBorderRight(seed, hashes) { + return hashes.reduce((acc, h) => hashChildren(h, acc), seed); +} +function innerProofSize(index, size) { + return (index ^ (size - BigInt(1))).toString(2).length; +} +// Counts the number of ones in the binary representation of the given number. +// https://en.wikipedia.org/wiki/Hamming_weight +function onesCount(x) { + return x.toString(2).split('1').length - 1; +} +// Hashing logic according to RFC6962. +// https://datatracker.ietf.org/doc/html/rfc6962#section-2 +function hashChildren(left, right) { + const hasher = crypto_1.default.createHash('sha256'); + hasher.update(RFC6962_NODE_HASH_PREFIX); + hasher.update(left); + hasher.update(right); + return hasher.digest(); +} +function hashLeaf(leaf) { + const hasher = crypto_1.default.createHash('sha256'); + hasher.update(RFC6962_LEAF_HASH_PREFIX); + hasher.update(leaf); + return hasher.digest(); +} +function bufferEqual(a, b) { + try { + return crypto_1.default.timingSafeEqual(a, b); + } + catch { + /* istanbul ignore next */ + return false; + } +} diff --git a/deps/npm/node_modules/sigstore/dist/types/sigstore/index.d.ts b/deps/npm/node_modules/sigstore/dist/types/sigstore/index.d.ts index e636d6abd9d6c3..2be598d923048f 100644 --- a/deps/npm/node_modules/sigstore/dist/types/sigstore/index.d.ts +++ b/deps/npm/node_modules/sigstore/dist/types/sigstore/index.d.ts @@ -1,24 +1,24 @@ /// -import { ArtifactVerificationOptions, Bundle, Envelope, TransparencyLogEntry, VerificationMaterial } from '@sigstore/protobuf-specs'; -import { x509Certificate } from '../../x509/cert'; -import { WithRequired } from '../utility'; +import { SignatureMaterial } from '../signature'; import { ValidBundle } from './validate'; +import type { ArtifactVerificationOptions, Envelope, TransparencyLogEntry, VerificationMaterial } from '@sigstore/protobuf-specs'; import type { Entry } from '../../external/rekor'; -import type { SignatureMaterial } from '../signature'; -export * from '@sigstore/protobuf-specs'; -export * from './serialized'; -export * from './validate'; +import type { WithRequired } from '../utility'; +import type { SerializedBundle } from './serialized'; +export { Envelope, HashAlgorithm, PublicKeyDetails, SubjectAlternativeNameType, } from '@sigstore/protobuf-specs'; +export type { ArtifactVerificationOptions, ArtifactVerificationOptions_CtlogOptions, ArtifactVerificationOptions_TlogOptions, CertificateAuthority, CertificateIdentities, CertificateIdentity, MessageSignature, ObjectIdentifierValuePair, PublicKey, PublicKeyIdentifier, RFC3161SignedTimestamp, Signature, SubjectAlternativeName, TimestampVerificationData, TransparencyLogEntry, TransparencyLogInstance, TrustedRoot, X509Certificate, X509CertificateChain, } from '@sigstore/protobuf-specs'; +export type { SerializedBundle, SerializedEnvelope } from './serialized'; +export type { ValidBundle as Bundle }; export declare const bundleFromJSON: (obj: any) => ValidBundle; -export type BundleWithVerificationMaterial = WithRequired; -export declare function isBundleWithVerificationMaterial(bundle: Bundle): bundle is BundleWithVerificationMaterial; -export type BundleWithCertificateChain = Bundle & { +export declare const bundleToJSON: (bundle: ValidBundle) => SerializedBundle; +export type BundleWithCertificateChain = ValidBundle & { verificationMaterial: VerificationMaterial & { content: Extract; }; }; -export declare function isBundleWithCertificateChain(bundle: Bundle): bundle is BundleWithCertificateChain; +export declare function isBundleWithCertificateChain(bundle: ValidBundle): bundle is BundleWithCertificateChain; export type RequiredArtifactVerificationOptions = WithRequired; export type CAArtifactVerificationOptions = WithRequired & { signers?: Extract { const bundle = protobuf_specs_1.Bundle.fromJSON(obj); @@ -44,16 +33,15 @@ const bundleFromJSON = (obj) => { return bundle; }; exports.bundleFromJSON = bundleFromJSON; +// eslint-disable-next-line @typescript-eslint/no-explicit-any +const bundleToJSON = (bundle) => { + return protobuf_specs_1.Bundle.toJSON(bundle); +}; +exports.bundleToJSON = bundleToJSON; const BUNDLE_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.1'; -// Type guard for narrowing a Bundle to a BundleWithVerificationMaterial -function isBundleWithVerificationMaterial(bundle) { - return bundle.verificationMaterial !== undefined; -} -exports.isBundleWithVerificationMaterial = isBundleWithVerificationMaterial; // Type guard for narrowing a Bundle to a BundleWithCertificateChain function isBundleWithCertificateChain(bundle) { - return (isBundleWithVerificationMaterial(bundle) && - bundle.verificationMaterial.content !== undefined && + return (bundle.verificationMaterial.content !== undefined && bundle.verificationMaterial.content.$case === 'x509CertificateChain'); } exports.isBundleWithCertificateChain = isBundleWithCertificateChain; @@ -69,6 +57,9 @@ function isVerifiableTransparencyLogEntry(entry) { entry.kindVersion !== undefined); } exports.isVerifiableTransparencyLogEntry = isVerifiableTransparencyLogEntry; +// All of the following functions are used to construct a ValidBundle +// from various types of input. When this code moves into the +// @sigstore/sign package, these functions will be exported from there. function toDSSEBundle({ envelope, signature, tlogEntry, timestamp, }) { return { mediaType: BUNDLE_MEDIA_TYPE, @@ -106,6 +97,9 @@ function toTransparencyLogEntry(entry) { const b64SET = entry.verification?.signedEntryTimestamp || ''; const set = Buffer.from(b64SET, 'base64'); const logID = Buffer.from(entry.logID, 'hex'); + const proof = entry.verification?.inclusionProof + ? toInclusionProof(entry.verification.inclusionProof) + : undefined; // Parse entry body so we can extract the kind and version. const bodyJSON = util_1.encoding.base64Decode(entry.body); const entryBody = JSON.parse(bodyJSON); @@ -122,10 +116,21 @@ function toTransparencyLogEntry(entry) { kind: entryBody.kind, version: entryBody.apiVersion, }, - inclusionProof: undefined, + inclusionProof: proof, canonicalizedBody: Buffer.from(entry.body, 'base64'), }; } +function toInclusionProof(proof) { + return { + logIndex: proof.logIndex.toString(), + rootHash: Buffer.from(proof.rootHash, 'hex'), + treeSize: proof.treeSize.toString(), + checkpoint: { + envelope: proof.checkpoint, + }, + hashes: proof.hashes.map((h) => Buffer.from(h, 'hex')), + }; +} function toVerificationMaterial({ signature, tlogEntry, timestamp, }) { return { content: signature.certificates @@ -155,11 +160,3 @@ function toTimestampVerificationData(timestamp) { rfc3161Timestamps: [{ signedTimestamp: timestamp }], }; } -function signingCertificate(bundle) { - if (!isBundleWithCertificateChain(bundle)) { - return undefined; - } - const signingCert = bundle.verificationMaterial.content.x509CertificateChain.certificates[0]; - return cert_1.x509Certificate.parse(signingCert.rawBytes); -} -exports.signingCertificate = signingCertificate; diff --git a/deps/npm/node_modules/sigstore/dist/types/sigstore/serialized.d.ts b/deps/npm/node_modules/sigstore/dist/types/sigstore/serialized.d.ts index 31cb2ce03fd306..8ea3b5cff35ee9 100644 --- a/deps/npm/node_modules/sigstore/dist/types/sigstore/serialized.d.ts +++ b/deps/npm/node_modules/sigstore/dist/types/sigstore/serialized.d.ts @@ -43,6 +43,7 @@ type SerializedDSSEEnvelope = { keyid: string; }[]; }; +export type { SerializedDSSEEnvelope as SerializedEnvelope }; export type SerializedBundle = { mediaType: string; verificationMaterial: (OneOf<{ @@ -62,13 +63,3 @@ export type SerializedBundle = { dsseEnvelope: SerializedDSSEEnvelope; messageSignature: SerializedMessageSignature; }>; -interface SerializedSignature { - sig: string; - keyid: string; -} -export type SerializedEnvelope = { - payload: string; - payloadType: string; - signatures: SerializedSignature[]; -}; -export {}; diff --git a/deps/npm/node_modules/sigstore/dist/types/sigstore/validate.d.ts b/deps/npm/node_modules/sigstore/dist/types/sigstore/validate.d.ts index 7d8316fd2e6a2b..a6c33b3c7c0f28 100644 --- a/deps/npm/node_modules/sigstore/dist/types/sigstore/validate.d.ts +++ b/deps/npm/node_modules/sigstore/dist/types/sigstore/validate.d.ts @@ -1,5 +1,5 @@ -import { Bundle, MessageSignature, VerificationMaterial } from '@sigstore/protobuf-specs'; import { WithRequired } from '../utility'; +import type { Bundle, MessageSignature, VerificationMaterial } from '@sigstore/protobuf-specs'; export type ValidBundle = Bundle & { verificationMaterial: VerificationMaterial & { content: NonNullable; diff --git a/deps/npm/node_modules/sigstore/dist/types/sigstore/validate.js b/deps/npm/node_modules/sigstore/dist/types/sigstore/validate.js index efd873ab657018..a19d8ad3ec7021 100644 --- a/deps/npm/node_modules/sigstore/dist/types/sigstore/validate.js +++ b/deps/npm/node_modules/sigstore/dist/types/sigstore/validate.js @@ -1,6 +1,21 @@ "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.assertValidBundle = void 0; +/* +Copyright 2023 The Sigstore Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ const error_1 = require("../../error"); // Performs basic validation of a Sigstore bundle to ensure that all required // fields are populated. This is not a complete validation of the bundle, but diff --git a/deps/npm/node_modules/sigstore/dist/verify.d.ts b/deps/npm/node_modules/sigstore/dist/verify.d.ts index 819d0dadf1be53..850d0f37f09817 100644 --- a/deps/npm/node_modules/sigstore/dist/verify.d.ts +++ b/deps/npm/node_modules/sigstore/dist/verify.d.ts @@ -5,7 +5,7 @@ export declare class Verifier { private trustedRoot; private keySelector; constructor(trustedRoot: sigstore.TrustedRoot, keySelector?: KeySelector); - verify(bundle: sigstore.ValidBundle, options: sigstore.RequiredArtifactVerificationOptions, data?: Buffer): void; + verify(bundle: sigstore.Bundle, options: sigstore.RequiredArtifactVerificationOptions, data?: Buffer): void; private verifyArtifactSignature; private verifySigningCertificate; private verifyTLogEntries; diff --git a/deps/npm/node_modules/sigstore/package.json b/deps/npm/node_modules/sigstore/package.json index b7dc6e30f0dcd3..02655a6c79bc81 100644 --- a/deps/npm/node_modules/sigstore/package.json +++ b/deps/npm/node_modules/sigstore/package.json @@ -1,6 +1,6 @@ { "name": "sigstore", - "version": "1.6.0", + "version": "1.7.0", "description": "code-signing for npm packages", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -31,21 +31,14 @@ }, "devDependencies": { "@sigstore/rekor-types": "^1.0.0", - "@total-typescript/shoehorn": "^0.1.0", + "@sigstore/jest": "^0.0.0", "@tufjs/repo-mock": "^1.1.0", - "@types/make-fetch-happen": "^10.0.0", - "@types/sigstore-jest-extended": "^0.0.0", - "@types/node": "^20.2.5", - "json-schema-to-typescript": "^13.0.0", - "nock": "^13.2.4", - "shx": "^0.3.3", - "typescript": "^5.1.3" + "@types/make-fetch-happen": "^10.0.0" }, "dependencies": { "@sigstore/protobuf-specs": "^0.1.0", - "@sigstore/tuf": "^1.0.0", - "make-fetch-happen": "^11.0.1", - "tuf-js": "^1.1.3" + "@sigstore/tuf": "^1.0.1", + "make-fetch-happen": "^11.0.1" }, "engines": { "node": "^14.17.0 || ^16.13.0 || >=18.0.0" diff --git a/deps/npm/node_modules/sigstore/store/public-good-instance-root.json b/deps/npm/node_modules/sigstore/store/public-good-instance-root.json deleted file mode 100644 index e95c7e88cdf092..00000000000000 --- a/deps/npm/node_modules/sigstore/store/public-good-instance-root.json +++ /dev/null @@ -1 +0,0 @@ -{"signed":{"_type":"root","spec_version":"1.0","version":7,"expires":"2023-10-04T13:08:11Z","keys":{"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXsz3SZXFb8jMV42j6pJlyjbjR8K\nN3Bwocexq6LMIb5qsWKOQvLN16NUefLc4HswOoumRsVVaajSpQS6fobkRw==\n-----END PUBLIC KEY-----\n"}},"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ghrh92Lw1Yr3idGV5WqCtMDB8Cx\n+D8hdC4w2ZLNIplVRoVGLskYa3gheMyOjiJ8kPi15aQ2//7P+oj7UvJPGw==\n-----END PUBLIC KEY-----\n"}},"45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrWvNt94v4R085ELeeCMxHp7PldF\n0/T1GxukUh2ODuggLGJE0pc1e8CSBf6CS91Fwo9FUOuRsjBUld+VqSyCdQ==\n-----END PUBLIC KEY-----\n"}},"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEinikSsAQmYkNeH5eYq/CnIzLaacO\nxlSaawQDOwqKy/tCqxq5xxPSJc21K4WIhs9GyOkKfzueY3GILzcMJZ4cWw==\n-----END PUBLIC KEY-----\n"}},"e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWRiGr5+j+3J5SsH+Ztr5nE2H2wO7\nBV+nO3s93gLca18qTOzHY1oWyAGDykMSsGTUBSt9D+An0KfKsD2mfSM42Q==\n-----END PUBLIC KEY-----\n"}},"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzBzVOmHCPojMVLSI364WiiV8NPrD\n6IgRxVliskz/v+y3JER5mcVGcONliDcWMC5J2lfHmjPNPhb4H7xm8LzfSA==\n-----END PUBLIC KEY-----\n"}},"ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy8XKsmhBYDI8Jc0GwzBxeKax0cm5\nSTKEU65HPFunUn41sT8pi0FjM4IkHz/YUmwmLUO0Wt7lxhj6BkLIK4qYAw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c","25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99","f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f","7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b","2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de"],"threshold":3},"snapshot":{"keyids":["45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b"],"threshold":1},"targets":{"keyids":["ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c","25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99","f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f","7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b","2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de"],"threshold":3},"timestamp":{"keyids":["e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a"],"threshold":1}},"consistent_snapshot":true},"signatures":[{"keyid":"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99","sig":"3046022100c0610c0055ce5c4a52d054d7322e7b514d55baf44423d63aa4daa077cc60fd1f022100a097f2803f090fb66c42ead915a2c46ebe7db53a32bf18f2188275cc936f8bdd"},{"keyid":"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f","sig":"304502203134f0468810299d5493a867c40630b341296b92e59c29821311d353343bb3a4022100e667ae3d304e7e3da0894c7425f6b9ecd917106841280e5cf6f3496ad5f8f68e"},{"keyid":"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b","sig":"3045022037fe5f45426f21eaaf4730d2136f2b1611d6379688f79b9d1e3f61719997135c022100b63b022d7b79d4694b96f416d88aa4d7b1a3bff8a01f4fb51e0f42137c7d2d06"},{"keyid":"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de","sig":"3044022007cc8fcc4940809f2751ad5b535f4c5f53f5b4952f5b5696b09668e743306ac1022006dfcdf94e94c92163eeb1b47796db62cedaa730aa13aa61b573fe23714730f2"}]} diff --git a/deps/npm/package.json b/deps/npm/package.json index f345781248e43e..c6ab8029946fd1 100644 --- a/deps/npm/package.json +++ b/deps/npm/package.json @@ -1,5 +1,5 @@ { - "version": "9.7.2", + "version": "9.8.0", "name": "npm", "description": "a package manager for JavaScript", "workspaces": [ @@ -52,10 +52,10 @@ }, "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/arborist": "^6.2.10", + "@npmcli/arborist": "^6.3.0", "@npmcli/config": "^6.2.1", "@npmcli/map-workspaces": "^3.0.4", - "@npmcli/package-json": "^3.1.1", + "@npmcli/package-json": "^4.0.0", "@npmcli/run-script": "^6.0.2", "abbrev": "^2.0.0", "archy": "~1.0.0", @@ -75,13 +75,13 @@ "is-cidr": "^4.0.2", "json-parse-even-better-errors": "^3.0.0", "libnpmaccess": "^7.0.2", - "libnpmdiff": "^5.0.18", - "libnpmexec": "^6.0.1", - "libnpmfund": "^4.0.18", + "libnpmdiff": "^5.0.19", + "libnpmexec": "^6.0.2", + "libnpmfund": "^4.0.19", "libnpmhook": "^9.0.3", "libnpmorg": "^5.0.4", - "libnpmpack": "^5.0.18", - "libnpmpublish": "^7.4.0", + "libnpmpack": "^5.0.19", + "libnpmpublish": "^7.5.0", "libnpmsearch": "^6.0.2", "libnpmteam": "^5.0.3", "libnpmversion": "^4.0.2", @@ -107,7 +107,7 @@ "qrcode-terminal": "^0.12.0", "read": "^2.1.0", "semver": "^7.5.2", - "sigstore": "^1.6.0", + "sigstore": "^1.7.0", "ssri": "^10.0.4", "supports-color": "^9.3.1", "tar": "^6.1.15", diff --git a/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs b/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs index 545f020993a975..4875ebae6952b2 100644 --- a/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs @@ -3660,6 +3660,7 @@ npm pkg get [ [ ...]] npm pkg delete [ ...] npm pkg set [[].= ...] npm pkg set [[].= ...] +npm pkg fix Options: [-f|--force] [--json] @@ -3674,6 +3675,7 @@ npm pkg get [ [ ...]] npm pkg delete [ ...] npm pkg set [[].= ...] npm pkg set [[].= ...] +npm pkg fix \`\`\` #### \`force\` diff --git a/deps/npm/test/bin/windows-shims.js b/deps/npm/test/bin/windows-shims.js index 13005ccf642ee9..29c257fc7954d3 100644 --- a/deps/npm/test/bin/windows-shims.js +++ b/deps/npm/test/bin/windows-shims.js @@ -1,58 +1,78 @@ const t = require('tap') -const spawn = require('@npmcli/promise-spawn') const { spawnSync } = require('child_process') -const { resolve, join } = require('path') -const { readFileSync, chmodSync } = require('fs') +const { resolve, join, extname, basename, sep } = require('path') +const { readFileSync, chmodSync, readdirSync } = require('fs') const Diff = require('diff') +const { sync: which } = require('which') const { version } = require('../../package.json') -const root = resolve(__dirname, '../..') -const npmShim = join(root, 'bin/npm') -const npxShim = join(root, 'bin/npx') +const ROOT = resolve(__dirname, '../..') +const BIN = join(ROOT, 'bin') +const NODE = readFileSync(process.execPath) +const SHIMS = readdirSync(BIN).reduce((acc, shim) => { + if (extname(shim) !== '.js') { + acc[shim] = readFileSync(join(BIN, shim), 'utf-8') + } + return acc +}, {}) + +const SHIM_EXTS = [...new Set(Object.keys(SHIMS).map(p => extname(p)))] + +// windows requires each segment of a command path to be quoted when using shell: true +const quotePath = (cmd) => cmd + .split(sep) + .map(p => p.includes(' ') ? `"${p}"` : p) + .join(sep) -t.test('npm vs npx', t => { +t.test('shim contents', t => { // these scripts should be kept in sync so this tests the contents of each // and does a diff to ensure the only differences between them are necessary - const diffFiles = (ext = '') => Diff.diffChars( - readFileSync(`${npmShim}${ext}`, 'utf8'), - readFileSync(`${npxShim}${ext}`, 'utf8') - ).filter(v => v.added || v.removed).map((v, i) => i === 0 ? v.value : v.value.toUpperCase()) + const diffFiles = (npm, npx) => Diff.diffChars(npm, npx) + .filter(v => v.added || v.removed) + .reduce((acc, v) => { + if (v.value.length === 1) { + acc.letters.add(v.value.toUpperCase()) + } else { + acc.diff.push(v.value) + } + return acc + }, { diff: [], letters: new Set() }) + + t.plan(SHIM_EXTS.length) t.test('bash', t => { - const [npxCli, ...changes] = diffFiles() - const npxCliLine = npxCli.split('\n').reverse().join('') - t.match(npxCliLine, /^NPX_CLI_JS=/, 'has NPX_CLI') - t.equal(changes.length, 20) - t.strictSame([...new Set(changes)], ['M', 'X'], 'all other changes are m->x') + const { diff, letters } = diffFiles(SHIMS.npm, SHIMS.npx) + t.match(diff[0].split('\n').reverse().join(''), /^NPX_CLI_JS=/, 'has NPX_CLI') + t.equal(diff.length, 1) + t.strictSame([...letters], ['M', 'X'], 'all other changes are m->x') t.end() }) t.test('cmd', t => { - const [npxCli, ...changes] = diffFiles('.cmd') - t.match(npxCli, /^SET "NPX_CLI_JS=/, 'has NPX_CLI') - t.equal(changes.length, 12) - t.strictSame([...new Set(changes)], ['M', 'X'], 'all other changes are m->x') + const { diff, letters } = diffFiles(SHIMS['npm.cmd'], SHIMS['npx.cmd']) + t.match(diff[0], /^SET "NPX_CLI_JS=/, 'has NPX_CLI') + t.equal(diff.length, 1) + t.strictSame([...letters], ['M', 'X'], 'all other changes are m->x') t.end() }) - t.end() + t.test('pwsh', t => { + const { diff, letters } = diffFiles(SHIMS['npm.ps1'], SHIMS['npx.ps1']) + t.equal(diff.length, 0) + t.strictSame([...letters], ['M', 'X'], 'all other changes are m->x') + t.end() + }) }) -t.test('basic', async t => { - if (process.platform !== 'win32') { - t.comment('test only relevant on windows') - return - } - +t.test('run shims', t => { const path = t.testdir({ - 'node.exe': readFileSync(process.execPath), - npm: readFileSync(npmShim), - npx: readFileSync(npxShim), + ...SHIMS, + 'node.exe': NODE, // simulate the state where one version of npm is installed // with node, but we should load the globally installed one 'global-prefix': { node_modules: { - npm: t.fixture('symlink', root), + npm: t.fixture('symlink', ROOT), }, }, // put in a shim that ONLY prints the intended global prefix, @@ -60,15 +80,11 @@ t.test('basic', async t => { node_modules: { npm: { bin: { - 'npx-cli.js': ` - throw new Error('this should not be called') - `, + 'npx-cli.js': `throw new Error('this should not be called')`, 'npm-cli.js': ` const assert = require('assert') - const args = process.argv.slice(2) - assert.equal(args[0], 'prefix') - assert.equal(args[1], '-g') const { resolve } = require('path') + assert.equal(process.argv.slice(2).join(' '), 'prefix -g') console.log(resolve(__dirname, '../../../global-prefix')) `, }, @@ -76,70 +92,162 @@ t.test('basic', async t => { }, }) - chmodSync(join(path, 'npm'), 0o755) - chmodSync(join(path, 'npx'), 0o755) - - const { ProgramFiles, SystemRoot, NYC_CONFIG } = process.env - const gitBash = join(ProgramFiles, 'Git', 'bin', 'bash.exe') - const gitUsrBinBash = join(ProgramFiles, 'Git', 'usr', 'bin', 'bash.exe') - const wslBash = join(SystemRoot, 'System32', 'bash.exe') - const cygwinBash = join(SystemRoot, '/', 'cygwin64', 'bin', 'bash.exe') - - const bashes = Object.entries({ - 'wsl bash': wslBash, - 'git bash': gitBash, - 'git internal bash': gitUsrBinBash, - 'cygwin bash': cygwinBash, - }).map(([name, bash]) => { - let skip - if (bash === cygwinBash && NYC_CONFIG) { - skip = 'does not play nicely with NYC, run without coverage' - } else { - try { - // If WSL is installed, it *has* a bash.exe, but it fails if - // there is no distro installed, so we need to detect that. - if (spawnSync(bash, ['-l', '-c', 'exit 0']).status !== 0) { - throw new Error('not installed') + const spawnPath = (cmd, args, { log, stdioString = true, ...opts } = {}) => { + if (cmd.endsWith('bash.exe')) { + // only cygwin *requires* the -l, but the others are ok with it + args.unshift('-l') + } + const result = spawnSync(cmd, args, { + // don't hit the registry for the update check + env: { PATH: path, npm_config_update_notifier: 'false' }, + cwd: path, + windowsHide: true, + ...opts, + }) + if (stdioString) { + result.stdout = result.stdout?.toString()?.trim() + result.stderr = result.stderr?.toString()?.trim() + } + return { + status: result.status, + signal: result.signal, + stdout: result.stdout, + stderr: result.stderr, + } + } + + const getWslVersion = (cmd) => { + const defaultVersion = 1 + try { + const opts = { shell: cmd, env: process.env } + const wsl = spawnPath('wslpath', [`'${which('wsl')}'`], opts).stdout + const distrosRaw = spawnPath(wsl, ['-l', '-v'], { ...opts, stdioString: false }).stdout + const distros = spawnPath('iconv', ['-f', 'unicode'], { ...opts, input: distrosRaw }).stdout + const distroArgs = distros + .replace(/\r\n/g, '\n') + .split('\n') + .slice(1) + .find(d => d.startsWith('*')) + .replace(/\s+/g, ' ') + .split(' ') + return Number(distroArgs[distroArgs.length - 1]) || defaultVersion + } catch { + return defaultVersion + } + } + + for (const shim of Object.keys(SHIMS)) { + chmodSync(join(path, shim), 0o755) + } + + const { ProgramFiles = '/', SystemRoot = '/', NYC_CONFIG, WINDOWS_SHIMS_TEST } = process.env + const skipDefault = WINDOWS_SHIMS_TEST || process.platform === 'win32' + ? null : 'test not relevant on platform' + + const shells = Object.entries({ + cmd: 'cmd', + pwsh: 'pwsh', + git: join(ProgramFiles, 'Git', 'bin', 'bash.exe'), + 'user git': join(ProgramFiles, 'Git', 'usr', 'bin', 'bash.exe'), + wsl: join(SystemRoot, 'System32', 'bash.exe'), + cygwin: resolve(SystemRoot, '/', 'cygwin64', 'bin', 'bash.exe'), + }).map(([name, cmd]) => { + let match = {} + const skip = { reason: skipDefault, fail: WINDOWS_SHIMS_TEST } + const isBash = cmd.endsWith('bash.exe') + const testName = `${name} ${isBash ? 'bash' : ''}`.trim() + + if (!skip.reason) { + if (isBash) { + try { + // If WSL is installed, it *has* a bash.exe, but it fails if + // there is no distro installed, so we need to detect that. + if (spawnPath(cmd, ['-c', 'exit 0']).status !== 0) { + throw new Error('not installed') + } + if (name === 'cygwin' && NYC_CONFIG) { + throw new Error('does not play nicely with nyc') + } + // WSL version 1 does not work due to + // https://github.com/microsoft/WSL/issues/2370 + if (name === 'wsl' && getWslVersion(cmd) === 1) { + match = { + status: 1, + stderr: 'WSL 1 is not supported. Please upgrade to WSL 2 or above.', + stdout: String, + } + } + } catch (err) { + skip.reason = err.message + } + } else { + try { + cmd = which(cmd) + } catch { + skip.reason = 'not installed' } - } catch { - skip = 'not installed' } } - return { name, bash, skip } + + return { + match, + cmd, + name: testName, + skip: { + ...skip, + reason: skip.reason ? `${testName} - ${skip.reason}` : null, + }, + } }) - for (const { name, bash, skip } of bashes) { - if (skip) { - t.skip(name, { diagnostic: true, bin: bash, reason: skip }) - continue + const matchCmd = (t, cmd, bin, match) => { + const args = [] + const opts = {} + + switch (basename(cmd).toLowerCase()) { + case 'cmd.exe': + cmd = `${bin}.cmd` + break + case 'bash.exe': + args.push(bin) + break + case 'pwsh.exe': + cmd = quotePath(cmd) + args.push(`${bin}.ps1`) + opts.shell = true + break + default: + throw new Error('unknown shell') } - await t.test(name, async t => { - const bins = Object.entries({ - // should have loaded this instance of npm we symlinked in - npm: [['help'], `npm@${version} ${root}`], - npx: [['--version'], version], - }) - - for (const [binName, [cmdArgs, stdout]] of bins) { - await t.test(binName, async t => { - // only cygwin *requires* the -l, but the others are ok with it - const args = ['-l', binName, ...cmdArgs] - const result = await spawn(bash, args, { - // don't hit the registry for the update check - env: { PATH: path, npm_config_update_notifier: 'false' }, - cwd: path, - }) - t.match(result, { - cmd: bash, - args: args, - code: 0, - signal: null, - stderr: String, - stdout, - }) - }) + const isNpm = bin === 'npm' + const result = spawnPath(cmd, [...args, isNpm ? 'help' : '--version'], opts) + + t.match(result, { + status: 0, + signal: null, + stderr: '', + stdout: isNpm ? `npm@${version} ${ROOT}` : version, + ...match, + }, `${cmd} ${bin}`) + } + + // ensure that all tests are either run or skipped + t.plan(shells.length) + + for (const { cmd, skip, name, match } of shells) { + t.test(name, t => { + if (skip.reason) { + if (skip.fail) { + t.fail(skip.reason) + } else { + t.skip(skip.reason) + } + return t.end() } + t.plan(2) + matchCmd(t, cmd, 'npm', match) + matchCmd(t, cmd, 'npx', match) }) } }) diff --git a/deps/npm/test/lib/commands/pkg.js b/deps/npm/test/lib/commands/pkg.js index ef38d537308a53..e915ef942410f5 100644 --- a/deps/npm/test/lib/commands/pkg.js +++ b/deps/npm/test/lib/commands/pkg.js @@ -617,3 +617,21 @@ t.test('workspaces', async t => { 'should delete version field from workspace b' ) }) + +t.test('fix', async t => { + const { pkg, readPackageJson } = await mockNpm(t, { + prefixDir: { + 'package.json': JSON.stringify({ + name: 'foo ', + version: 'v1.1.1', + }), + }, + }) + + await pkg('fix') + t.strictSame( + readPackageJson(), + { name: 'foo', version: '1.1.1' }, + 'fixes package.json issues' + ) +}) diff --git a/deps/npm/test/lib/commands/publish.js b/deps/npm/test/lib/commands/publish.js index 820760bb5704da..c10b380ca95e8e 100644 --- a/deps/npm/test/lib/commands/publish.js +++ b/deps/npm/test/lib/commands/publish.js @@ -756,7 +756,6 @@ t.test('manifest', async t => { 'scripts', 'tap', 'readme', - 'gitHead', 'engines', 'workspaces', ] @@ -765,6 +764,7 @@ t.test('manifest', async t => { t.ok(manifest[k], k) delete manifest[k] } + delete manifest.gitHead manifest.man.sort()