Skip to content

Commit

Permalink
deps: upgrade npm to 8.1.4
Browse files Browse the repository at this point in the history
PR-URL: #40865
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
npm-robot authored and targos committed Nov 26, 2021
1 parent 1482c44 commit 90f35fc
Showing 353 changed files with 8,547 additions and 7,424 deletions.
15 changes: 9 additions & 6 deletions deps/npm/bin/npx-cli.js
Original file line number Diff line number Diff line change
@@ -26,7 +26,7 @@ const removed = new Set([

const { definitions, shorthands } = require('../lib/utils/config/index.js')
const npmSwitches = Object.entries(definitions)
.filter(([key, {type}]) => type === Boolean ||
.filter(([key, { type }]) => type === Boolean ||
(Array.isArray(type) && type.includes(Boolean)))
.map(([key]) => key)

@@ -65,9 +65,9 @@ let i
let sawRemovedFlags = false
for (i = 3; i < process.argv.length; i++) {
const arg = process.argv[i]
if (arg === '--')
if (arg === '--') {
break
else if (/^-/.test(arg)) {
} else if (/^-/.test(arg)) {
const [key, ...v] = arg.replace(/^-+/, '').split('=')

switch (key) {
@@ -87,8 +87,9 @@ for (i = 3; i < process.argv.length; i++) {
// resolve shorthands and run again
if (shorthands[key] && !removed.has(key)) {
const a = [...shorthands[key]]
if (v.length)
if (v.length) {
a.push(v.join('='))
}
process.argv.splice(i, 1, ...a)
i--
continue
@@ -109,8 +110,9 @@ for (i = 3; i < process.argv.length; i++) {
if (removed.has(key)) {
// also remove the value for the cut key.
process.argv.splice(i + 1, 1)
} else
} else {
i++
}
}
} else {
// found a positional arg, put -- in front of it, and we're done
@@ -119,7 +121,8 @@ for (i = 3; i < process.argv.length; i++) {
}
}

if (sawRemovedFlags)
if (sawRemovedFlags) {
console.error('See `npm help exec` for more information')
}

cli(process)
2 changes: 1 addition & 1 deletion deps/npm/docs/content/commands/npm-install.md
Original file line number Diff line number Diff line change
@@ -58,7 +58,7 @@ into a tarball (b).

* `npm install` (in a package directory, no arguments):

Install the dependencies in the local `node_modules` folder.
Install the dependencies to the local `node_modules` folder.

In global mode (ie, with `-g` or `--global` appended to the command),
it installs the current package context (ie, the current working
2 changes: 2 additions & 0 deletions deps/npm/docs/content/using-npm/developers.md
Original file line number Diff line number Diff line change
@@ -119,7 +119,9 @@ need to add them to `.npmignore` explicitly:
* `._*`
* `.DS_Store`
* `.git`
* `.gitignore`
* `.hg`
* `.npmignore`
* `.npmrc`
* `.lock-wscript`
* `.svn`
11 changes: 6 additions & 5 deletions deps/npm/docs/output/commands/npm-access.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<html><head>
<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>npm-access</title>
<style>
body {
@@ -181,7 +182,7 @@ <h3 id="description">Description</h3>
<li>
<p>ls-packages:
Show all of the packages a user or a team is able to access, along with the
access level, except for read-only public packages (it wont print the whole
access level, except for read-only public packages (it won't print the whole
registry listing)</p>
</li>
<li>
@@ -209,7 +210,7 @@ <h3 id="details">Details</h3>
<li>You have been given read-write privileges for a package, either as a member
of a team or directly as an owner.</li>
</ul>
<p>If you have two-factor authentication enabled then youll be prompted to
<p>If you have two-factor authentication enabled then you'll be prompted to
provide an otp token, or may use the <code>--otp=...</code> option to specify it on
the command line.</p>
<p>If your account is not paid, then attempts to publish scoped packages will
@@ -222,7 +223,7 @@ <h3 id="configuration">Configuration</h3>
<!-- raw HTML omitted -->
<h4 id="registry"><code>registry</code></h4>
<ul>
<li>Default: <a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a></li>
<li>Default: "<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>"</li>
<li>Type: URL</li>
</ul>
<p>The base URL of the npm registry.</p>
@@ -233,7 +234,7 @@ <h4 id="otp"><code>otp</code></h4>
<li>Default: null</li>
<li>Type: null or String</li>
</ul>
<p>This is a one-time password from a two-factor authenticator. Its needed
<p>This is a one-time password from a two-factor authenticator. It's needed
when publishing or changing package permissions with <code>npm access</code>.</p>
<p>If not set, and a registry response fails with a challenge for a one-time
password, npm will prompt on the command line for one.</p>
7 changes: 4 additions & 3 deletions deps/npm/docs/output/commands/npm-adduser.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<html><head>
<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>npm-adduser</title>
<style>
body {
@@ -168,15 +169,15 @@ <h3 id="configuration">Configuration</h3>
<!-- raw HTML omitted -->
<h4 id="registry"><code>registry</code></h4>
<ul>
<li>Default: <a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a></li>
<li>Default: "<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>"</li>
<li>Type: URL</li>
</ul>
<p>The base URL of the npm registry.</p>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<h4 id="scope"><code>scope</code></h4>
<ul>
<li>Default: the scope of the current project, if any, or “”</li>
<li>Default: the scope of the current project, if any, or ""</li>
<li>Type: String</li>
</ul>
<p>Associate an operation with a scope for a scoped registry.</p>
27 changes: 14 additions & 13 deletions deps/npm/docs/output/commands/npm-audit.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<html><head>
<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>npm-audit</title>
<style>
body {
@@ -159,13 +160,13 @@ <h3 id="description">Description</h3>
<p>The command will exit with a 0 exit code if no vulnerabilities were found.</p>
<p>Note that some vulnerabilities cannot be fixed automatically and will
require manual intervention or review. Also note that since <code>npm audit fix</code> runs a full-fledged <code>npm install</code> under the hood, all configs that
apply to the installer will also apply to <code>npm install</code> so things like
apply to the installer will also apply to <code>npm install</code> -- so things like
<code>npm audit fix --package-lock-only</code> will work as expected.</p>
<p>By default, the audit command will exit with a non-zero code if any
vulnerability is found. It may be useful in CI environments to include the
<code>--audit-level</code> parameter to specify the minimum vulnerability level that
will cause the command to fail. This option does not filter the report
output, it simply changes the commands failure threshold.</p>
output, it simply changes the command's failure threshold.</p>
<h3 id="audit-endpoints">Audit Endpoints</h3>
<p>There are two audit endpoints that npm may use to fetch vulnerability
information: the <code>Bulk Advisory</code> endpoint and the <code>Quick Audit</code> endpoint.</p>
@@ -203,7 +204,7 @@ <h4 id="quick-audit-endpoint">Quick Audit Endpoint</h4>
<p>All packages in the tree are submitted to the Quick Audit endpoint.
Omitted dependency types are skipped when generating the report.</p>
<h4 id="scrubbing">Scrubbing</h4>
<p>Out of an abundance of caution, npm versions 5 and 6 would scrub any
<p>Out of an abundance of caution, npm versions 5 and 6 would "scrub" any
packages from the submitted report if their name contained a <code>/</code> character,
so as to avoid leaking the names of potentially private packages or git
URLs.</p>
@@ -215,12 +216,12 @@ <h4 id="scrubbing">Scrubbing</h4>
<h4 id="calculating-meta-vulnerabilities-and-remediations">Calculating Meta-Vulnerabilities and Remediations</h4>
<p>npm uses the
<a href="http://npm.im/@npmcli/metavuln-calculator"><code>@npmcli/metavuln-calculator</code></a>
module to turn a set of security advisories into a set of vulnerability
objects. A meta-vulnerability is a dependency that is vulnerable by
module to turn a set of security advisories into a set of "vulnerability"
objects. A "meta-vulnerability" is a dependency that is vulnerable by
virtue of dependence on vulnerable versions of a vulnerable package.</p>
<p>For example, if the package <code>foo</code> is vulnerable in the range <code>&gt;=1.0.2 &lt;2.0.0</code>, and the package <code>bar</code> depends on <code>foo@^1.1.0</code>, then that version
of <code>bar</code> can only be installed by installing a vulnerable version of <code>foo</code>.
In this case, <code>bar</code> is a metavulnerability.</p>
In this case, <code>bar</code> is a "metavulnerability".</p>
<p>Once metavulnerabilities for a given package are calculated, they are
cached in the <code>~/.npm</code> folder and only re-evaluated if the advisory range
changes, or a new version of the package is published (in which case, the
@@ -275,7 +276,7 @@ <h3 id="configuration">Configuration</h3>
<h4 id="audit-level"><code>audit-level</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null, info”, “low”, “moderate”, “high”, “critical, or none</li>
<li>Type: null, "info", "low", "moderate", "high", "critical", or "none"</li>
</ul>
<p>The minimum level of vulnerability for <code>npm audit</code> to exit with a non-zero
exit code.</p>
@@ -286,7 +287,7 @@ <h4 id="dry-run"><code>dry-run</code></h4>
<li>Default: false</li>
<li>Type: Boolean</li>
</ul>
<p>Indicates that you dont want npm to make any changes and that it should
<p>Indicates that you don't want npm to make any changes and that it should
only report what it would have done. This can be passed into any of the
commands that modify your local installation, eg, <code>install</code>, <code>update</code>,
<code>dedupe</code>, <code>uninstall</code>, as well as <code>pack</code> and <code>publish</code>.</p>
@@ -316,7 +317,7 @@ <h4 id="force"><code>force</code></h4>
<li>Implicitly set <code>--yes</code> during <code>npm init</code>.</li>
<li>Allow clobbering existing values in <code>npm pkg</code></li>
</ul>
<p>If you dont have a clear idea of what you want to do, it is strongly
<p>If you don't have a clear idea of what you want to do, it is strongly
recommended that you do not use this option!</p>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
@@ -348,9 +349,9 @@ <h4 id="package-lock-only"><code>package-lock-only</code></h4>
<!-- raw HTML omitted -->
<h4 id="omit"><code>omit</code></h4>
<ul>
<li>Default: dev if the <code>NODE_ENV</code> environment variable is set to
production, otherwise empty.</li>
<li>Type: dev”, “optional, or peer (can be set multiple times)</li>
<li>Default: 'dev' if the <code>NODE_ENV</code> environment variable is set to
'production', otherwise empty.</li>
<li>Type: "dev", "optional", or "peer" (can be set multiple times)</li>
</ul>
<p>Dependency types to omit from the installation tree on disk.</p>
<p>Note that these dependencies <em>are</em> still resolved and added to the
5 changes: 3 additions & 2 deletions deps/npm/docs/output/commands/npm-bin.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<html><head>
<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>npm-bin</title>
<style>
body {
@@ -159,7 +160,7 @@ <h4 id="global"><code>global</code></h4>
<li>Default: false</li>
<li>Type: Boolean</li>
</ul>
<p>Operates in global mode, so that packages are installed into the <code>prefix</code>
<p>Operates in "global" mode, so that packages are installed into the <code>prefix</code>
folder instead of the current working directory. See
<a href="../configuring-npm/folders.html">folders</a> for more on the differences in behavior.</p>
<ul>
7 changes: 4 additions & 3 deletions deps/npm/docs/output/commands/npm-bugs.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<html><head>
<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>npm-bugs</title>
<style>
body {
@@ -150,7 +151,7 @@ <h2 id="table-of-contents">Table of contents</h2>
aliases: issues
</code></pre>
<h3 id="description">Description</h3>
<p>This command tries to guess at the likely location of a packages bug
<p>This command tries to guess at the likely location of a package's bug
tracker URL or the <code>mailto</code> URL of the support email, and then tries to
open it using the <code>--browser</code> config param. If no package name is provided, it
will search for a <code>package.json</code> in the current folder and use the <code>name</code> property.</p>
@@ -171,7 +172,7 @@ <h4 id="browser"><code>browser</code></h4>
<!-- raw HTML omitted -->
<h4 id="registry"><code>registry</code></h4>
<ul>
<li>Default: <a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a></li>
<li>Default: "<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>"</li>
<li>Type: URL</li>
</ul>
<p>The base URL of the npm registry.</p>
11 changes: 6 additions & 5 deletions deps/npm/docs/output/commands/npm-cache.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<html><head>
<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>npm-cache</title>
<style>
body {
@@ -141,7 +142,7 @@ <h1 id="npm-cache">npm-cache</h1>

<section id="table_of_contents">
<h2 id="table-of-contents">Table of contents</h2>
<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#details">Details</a></li><li><a href="#a-note-about-the-caches-design">A note about the caches design</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#cache"><code>cache</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#details">Details</a></li><li><a href="#a-note-about-the-caches-design">A note about the cache's design</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#cache"><code>cache</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
</section>

<div id="_content"><h3 id="synopsis">Synopsis</h3>
@@ -168,7 +169,7 @@ <h3 id="description">Description</h3>
<li>
<p>clean:
Delete all data out of the cache folder. Note that this is typically
unnecessary, as npms cache is self-healing and resistant to data
unnecessary, as npm's cache is self-healing and resistant to data
corruption issues.</p>
</li>
<li>
@@ -195,7 +196,7 @@ <h3 id="details">Details</h3>
used directly.</p>
<p>npm will not remove data by itself: the cache will grow as new packages are
installed.</p>
<h3 id="a-note-about-the-caches-design">A note about the caches design</h3>
<h3 id="a-note-about-the-caches-design">A note about the cache's design</h3>
<p>The npm cache is strictly a cache: it should not be relied upon as a
persistent and reliable data store for package data. npm makes no guarantee
that a previously-cached piece of data will be available later, and will
@@ -212,7 +213,7 @@ <h4 id="cache"><code>cache</code></h4>
<li>Default: Windows: <code>%LocalAppData%\npm-cache</code>, Posix: <code>~/.npm</code></li>
<li>Type: Path</li>
</ul>
<p>The location of npms cache directory. See <a href="../commands/npm-cache.html"><code>npm cache</code></a></p>
<p>The location of npm's cache directory. See <a href="../commands/npm-cache.html"><code>npm cache</code></a></p>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
13 changes: 7 additions & 6 deletions deps/npm/docs/output/commands/npm-ci.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<html><head>
<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>npm-ci</title>
<style>
body {
@@ -149,9 +150,9 @@ <h2 id="table-of-contents">Table of contents</h2>
</code></pre>
<h3 id="description">Description</h3>
<p>This command is similar to <a href="../commands/npm-install.html"><code>npm install</code></a>, except
its meant to be used in automated environments such as test platforms,
continuous integration, and deployment or any situation where you want
to make sure youre doing a clean install of your dependencies.</p>
it's meant to be used in automated environments such as test platforms,
continuous integration, and deployment -- or any situation where you want
to make sure you're doing a clean install of your dependencies.</p>
<p><code>npm ci</code> will be significantly faster when:</p>
<ul>
<li>There is a <code>package-lock.json</code> or <code>npm-shrinkwrap.json</code> file.</li>
@@ -199,7 +200,7 @@ <h4 id="audit"><code>audit</code></h4>
<li>Default: true</li>
<li>Type: Boolean</li>
</ul>
<p>When true submit audit reports alongside the current npm command to the
<p>When "true" submit audit reports alongside the current npm command to the
default registry and all registries configured for scopes. See the
documentation for <a href="../commands/npm-audit.html"><code>npm audit</code></a> for details on what is
submitted.</p>
@@ -219,7 +220,7 @@ <h4 id="ignore-scripts"><code>ignore-scripts</code></h4>
<!-- raw HTML omitted -->
<h4 id="script-shell"><code>script-shell</code></h4>
<ul>
<li>Default: /bin/sh on POSIX systems, cmd.exe on Windows</li>
<li>Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows</li>
<li>Type: null or String</li>
</ul>
<p>The shell to use for scripts run with the <code>npm exec</code>, <code>npm run</code> and <code>npm init &lt;pkg&gt;</code> commands.</p>
5 changes: 3 additions & 2 deletions deps/npm/docs/output/commands/npm-completion.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<html><head>
<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>npm-completion</title>
<style>
body {
@@ -162,7 +163,7 @@ <h3 id="description">Description</h3>
<code>/etc/bash_completion.d/npm</code> if you have a system that will read
that file for you.</p>
<p>When <code>COMP_CWORD</code>, <code>COMP_LINE</code>, and <code>COMP_POINT</code> are defined in the
environment, <code>npm completion</code> acts in plumbing mode, and outputs
environment, <code>npm completion</code> acts in "plumbing mode", and outputs
completions based on the arguments.</p>
<h3 id="see-also">See Also</h3>
<ul>
Loading

0 comments on commit 90f35fc

Please sign in to comment.