Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: upgrade npm to 8.19.0 #44469

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 6 additions & 7 deletions deps/npm/docs/content/commands/npm-access.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,29 +35,28 @@ For all of the subcommands, `npm access` will perform actions on the packages
in the current working directory if no package name is passed to the
subcommand.
* public / restricted:
* public / restricted (deprecated):
Set a package to be either publicly accessible or restricted.
* grant / revoke:
* grant / revoke (deprecated):
Add or remove the ability of users and teams to have read-only or read-write
access to a package.
* 2fa-required / 2fa-not-required:
* 2fa-required / 2fa-not-required (deprecated):
Configure whether a package requires that anyone publishing it have two-factor
authentication enabled on their account.
* ls-packages:
* ls-packages (deprecated):
Show all of the packages a user or a team is able to access, along with the
access level, except for read-only public packages (it won't print the whole
registry listing)
* ls-collaborators:
* ls-collaborators (deprecated):
Show all of the access privileges for a package. Will only show permissions
for packages to which you have at least read access. If `<user>` is passed in,
the list is filtered only to teams _that_ user happens to belong to.
* edit:
Set the access privileges for a package at once using `$EDITOR`.
* edit (not implemented)
### Details
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/content/commands/npm-query.md
Original file line number Diff line number Diff line change
Expand Up @@ -232,4 +232,4 @@ This value is not exported to the environment for child processes.
<!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
## See Also

* [dependency selector](/using-npm/dependency-selector)
* [dependency selectors](/using-npm/dependency-selectors)
28 changes: 28 additions & 0 deletions deps/npm/docs/content/configuring-npm/npmrc.md
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,34 @@ consistent across updates. Set fields in here using the `./configure`
script that comes with npm. This is primarily for distribution maintainers
to override default configs in a standard and consistent manner.

### Auth related configuration

The settings `_auth`, `_authToken`, `username` and `_password` must all be
scoped to a specific registry. This ensures that `npm` will never send
credentials to the wrong host.

In order to scope these values, they must be prefixed by a URI fragment.
If the credential is meant for any request to a registry on a single host,
the scope may look like `//registry.npmjs.org/:`. If it must be scoped to a
specific path on the host that path may also be provided, such as
`//my-custom-registry.org/unique/path:`.

```
; bad config
_authToken=MYTOKEN

; good config
@myorg:registry=https://somewhere-else.com/myorg
@another:registry=https://somewhere-else.com/another
//registry.npmjs.org/:_authToken=MYTOKEN
; would apply to both @myorg and @another
; //somewhere-else.com/:_authToken=MYTOKEN
; would apply only to @myorg
//somewhere-else.com/myorg/:_authToken=MYTOKEN1
; would apply only to @another
//somewhere-else.com/another/:_authToken=MYTOKEN2
```

### See also

* [npm folders](/configuring-npm/folders)
Expand Down
4 changes: 2 additions & 2 deletions deps/npm/docs/content/using-npm/dependency-selectors.md
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,7 @@ const arb = new Arborist({})

```js
// root-level
arb.loadActual((tree) => {
arb.loadActual().then(async (tree) => {
// query all production dependencies
const results = await tree.querySelectorAll('.prod')
console.log(results)
Expand All @@ -153,7 +153,7 @@ arb.loadActual((tree) => {

```js
// iterative
arb.loadActual((tree) => {
arb.loadActual().then(async (tree) => {
// query for the deduped version of react
const results = await tree.querySelectorAll('#react:not(:deduped)')
// query the deduped react for git deps
Expand Down
13 changes: 6 additions & 7 deletions deps/npm/docs/output/commands/npm-access.html
Original file line number Diff line number Diff line change
Expand Up @@ -169,34 +169,33 @@ <h3 id="description">Description</h3>
subcommand.</p>
<ul>
<li>
<p>public / restricted:
<p>public / restricted (deprecated):
Set a package to be either publicly accessible or restricted.</p>
</li>
<li>
<p>grant / revoke:
<p>grant / revoke (deprecated):
Add or remove the ability of users and teams to have read-only or read-write
access to a package.</p>
</li>
<li>
<p>2fa-required / 2fa-not-required:
<p>2fa-required / 2fa-not-required (deprecated):
Configure whether a package requires that anyone publishing it have two-factor
authentication enabled on their account.</p>
</li>
<li>
<p>ls-packages:
<p>ls-packages (deprecated):
Show all of the packages a user or a team is able to access, along with the
access level, except for read-only public packages (it won't print the whole
registry listing)</p>
</li>
<li>
<p>ls-collaborators:
<p>ls-collaborators (deprecated):
Show all of the access privileges for a package. Will only show permissions
for packages to which you have at least read access. If <code>&lt;user&gt;</code> is passed in,
the list is filtered only to teams <em>that</em> user happens to belong to.</p>
</li>
<li>
<p>edit:
Set the access privileges for a package at once using <code>$EDITOR</code>.</p>
<p>edit (not implemented)</p>
</li>
</ul>
<h3 id="details">Details</h3>
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/output/commands/npm-ls.html
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ <h3 id="description">Description</h3>
the results to only the paths to the packages named. Note that nested
packages will <em>also</em> show the paths to the specified packages. For
example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
<pre lang="bash"><code>npm@8.18.0 /path/to/npm
<pre lang="bash"><code>npm@8.19.0 /path/to/npm
└─┬ [email protected]
└── [email protected]
</code></pre>
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/output/commands/npm-query.html
Original file line number Diff line number Diff line change
Expand Up @@ -344,7 +344,7 @@ <h4 id="include-workspace-root"><code>include-workspace-root</code></h4>
<!-- raw HTML omitted -->
<h2 id="see-also">See Also</h2>
<ul>
<li><a href="../using-npm/dependency-selector.html">dependency selector</a></li>
<li><a href="../using-npm/dependency-selectors.html">dependency selectors</a></li>
</ul>
</div>

Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/output/commands/npm.html
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ <h2 id="table-of-contents">Table of contents</h2>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<h3 id="version">Version</h3>
<p>8.18.0</p>
<p>8.19.0</p>
<h3 id="description">Description</h3>
<p>npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
Expand Down
25 changes: 24 additions & 1 deletion deps/npm/docs/output/configuring-npm/npmrc.html
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ <h1 id="npmrc">npmrc</h1>

<section id="table_of_contents">
<h2 id="table-of-contents">Table of contents</h2>
<div id="_table_of_contents"><ul><li><a href="#description">Description</a></li><li><a href="#files">Files</a></li><ul><li><a href="#comments">Comments</a></li><li><a href="#per-project-config-file">Per-project config file</a></li><li><a href="#per-user-config-file">Per-user config file</a></li><li><a href="#global-config-file">Global config file</a></li><li><a href="#built-in-config-file">Built-in config file</a></li></ul><li><a href="#see-also">See also</a></li></ul></div>
<div id="_table_of_contents"><ul><li><a href="#description">Description</a></li><li><a href="#files">Files</a></li><ul><li><a href="#comments">Comments</a></li><li><a href="#per-project-config-file">Per-project config file</a></li><li><a href="#per-user-config-file">Per-user config file</a></li><li><a href="#global-config-file">Global config file</a></li><li><a href="#built-in-config-file">Built-in config file</a></li></ul><li><a href="#auth-related-configuration">Auth related configuration</a></li><li><a href="#see-also">See also</a></li></ul></div>
</section>

<div id="_content"><h3 id="description">Description</h3>
Expand Down Expand Up @@ -204,6 +204,29 @@ <h4 id="built-in-config-file">Built-in config file</h4>
consistent across updates. Set fields in here using the <code>./configure</code>
script that comes with npm. This is primarily for distribution maintainers
to override default configs in a standard and consistent manner.</p>
<h3 id="auth-related-configuration">Auth related configuration</h3>
<p>The settings <code>_auth</code>, <code>_authToken</code>, <code>username</code> and <code>_password</code> must all be
scoped to a specific registry. This ensures that <code>npm</code> will never send
credentials to the wrong host.</p>
<p>In order to scope these values, they must be prefixed by a URI fragment.
If the credential is meant for any request to a registry on a single host,
the scope may look like <code>//registry.npmjs.org/:</code>. If it must be scoped to a
specific path on the host that path may also be provided, such as
<code>//my-custom-registry.org/unique/path:</code>.</p>
<pre><code>; bad config
_authToken=MYTOKEN

; good config
@myorg:registry=https://somewhere-else.com/myorg
@another:registry=https://somewhere-else.com/another
//registry.npmjs.org/:_authToken=MYTOKEN
; would apply to both @myorg and @another
; //somewhere-else.com/:_authToken=MYTOKEN
; would apply only to @myorg
//somewhere-else.com/myorg/:_authToken=MYTOKEN1
; would apply only to @another
//somewhere-else.com/another/:_authToken=MYTOKEN2
</code></pre>
<h3 id="see-also">See also</h3>
<ul>
<li><a href="../configuring-npm/folders.html">npm folders</a></li>
Expand Down
4 changes: 2 additions & 2 deletions deps/npm/docs/output/using-npm/dependency-selectors.html
Original file line number Diff line number Diff line change
Expand Up @@ -264,14 +264,14 @@ <h3 id="programmatic-usage">Programmatic Usage</h3>
const arb = new Arborist({})
</code></pre>
<pre lang="js"><code>// root-level
arb.loadActual((tree) =&gt; {
arb.loadActual().then(async (tree) =&gt; {
// query all production dependencies
const results = await tree.querySelectorAll('.prod')
console.log(results)
})
</code></pre>
<pre lang="js"><code>// iterative
arb.loadActual((tree) =&gt; {
arb.loadActual().then(async (tree) =&gt; {
// query for the deduped version of react
const results = await tree.querySelectorAll('#react:not(:deduped)')
// query the deduped react for git deps
Expand Down
16 changes: 15 additions & 1 deletion deps/npm/lib/commands/access.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ const readPackageJson = require('read-package-json-fast')

const otplease = require('../utils/otplease.js')
const getIdentity = require('../utils/get-identity.js')
const log = require('../utils/log-shim.js')
const BaseCommand = require('../base-command.js')

const subcommands = [
Expand All @@ -19,6 +20,15 @@ const subcommands = [
'2fa-not-required',
]

const deprecated = [
'2fa-not-required',
'2fa-required',
'ls-collaborators',
'ls-packages',
'public',
'restricted',
]

class Access extends BaseCommand {
static description = 'Set access level on published packages'
static name = 'access'
Expand Down Expand Up @@ -78,6 +88,10 @@ class Access extends BaseCommand {
throw this.usageError(`${cmd} is not a recognized subcommand.`)
}

if (deprecated.includes(cmd)) {
log.warn('access', `${cmd} subcommand will be removed in the next version of npm`)
}

return this[cmd](args, {
...this.npm.flatOptions,
})
Expand Down Expand Up @@ -175,7 +189,7 @@ class Access extends BaseCommand {
}

async edit () {
throw new Error('edit subcommand is not implemented yet')
throw new Error('edit subcommand is not implemented')
}

modifyPackage (pkg, opts, fn, requireScope = true) {
Expand Down
5 changes: 3 additions & 2 deletions deps/npm/lib/commands/audit.js
Original file line number Diff line number Diff line change
Expand Up @@ -178,11 +178,12 @@ class VerifySignatures {
let name = edge.name
try {
name = npa(edge.spec).subSpec.name
} catch (_) {
} catch {
// leave it as edge.name
}
try {
return npa(`${name}@${edge.spec}`)
} catch (_) {
} catch {
// Skip packages with invalid spec
}
}
Expand Down
9 changes: 7 additions & 2 deletions deps/npm/lib/commands/edit.js
Original file line number Diff line number Diff line change
Expand Up @@ -58,11 +58,16 @@ class Edit extends BaseCommand {
}
const [bin, ...args] = this.npm.config.get('editor').split(/\s+/)
const editor = cp.spawn(bin, [...args, dir], { stdio: 'inherit' })
editor.on('exit', (code) => {
editor.on('exit', async (code) => {
if (code) {
return reject(new Error(`editor process exited with code: ${code}`))
}
this.npm.exec('rebuild', [dir]).catch(reject).then(resolve)
try {
await this.npm.exec('rebuild', [dir])
} catch (err) {
reject(err)
}
resolve()
})
})
})
Expand Down
Loading