From 6bf688d1d86f0a642ab7f935d3b272a8d439e874 Mon Sep 17 00:00:00 2001 From: npm CLI robot Date: Thu, 28 Jul 2022 11:03:27 -0700 Subject: [PATCH] deps: upgrade npm to 8.15.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR-URL: https://github.com/nodejs/node/pull/44013 Reviewed-By: Mohammed Keyvanzadeh Reviewed-By: Tobias Nießen Reviewed-By: Filip Skokan Reviewed-By: Luigi Pinca --- deps/npm/docs/content/commands/npm-ci.md | 253 ++++++++++++++++- deps/npm/docs/content/commands/npm-init.md | 2 + .../content/commands/npm-install-ci-test.md | 253 ++++++++++++++++- deps/npm/docs/content/commands/npm-install.md | 2 +- deps/npm/docs/content/commands/npm-ls.md | 4 +- .../content/configuring-npm/package-json.md | 2 +- deps/npm/docs/content/using-npm/workspaces.md | 10 +- deps/npm/docs/output/commands/npm-ci.html | 211 +++++++++++++- deps/npm/docs/output/commands/npm-init.html | 2 + .../output/commands/npm-install-ci-test.html | 211 +++++++++++++- .../npm/docs/output/commands/npm-install.html | 2 +- deps/npm/docs/output/commands/npm-ls.html | 6 +- deps/npm/docs/output/commands/npm.html | 2 +- .../output/configuring-npm/package-json.html | 2 +- .../npm/docs/output/using-npm/workspaces.html | 9 +- deps/npm/lib/commands/ci.js | 9 +- deps/npm/lib/commands/diff.js | 14 +- deps/npm/lib/commands/init.js | 7 +- deps/npm/lib/commands/link.js | 4 +- deps/npm/lib/npm.js | 10 +- deps/npm/lib/utils/log-file.js | 6 +- deps/npm/man/man1/npm-ci.1 | 266 +++++++++++++++++- deps/npm/man/man1/npm-init.1 | 4 + deps/npm/man/man1/npm-install-ci-test.1 | 266 +++++++++++++++++- deps/npm/man/man1/npm-install.1 | 2 +- deps/npm/man/man1/npm-ls.1 | 6 +- deps/npm/man/man1/npm.1 | 2 +- deps/npm/man/man5/package-json.5 | 2 +- deps/npm/man/man7/workspaces.7 | 12 +- .../arborist/lib/arborist/build-ideal-tree.js | 4 +- .../arborist/lib/arborist/load-actual.js | 2 +- .../arborist/lib/arborist/load-virtual.js | 2 +- .../@npmcli/arborist/lib/arborist/reify.js | 2 +- .../arborist/lib/consistent-resolve.js | 4 +- .../node_modules/@npmcli/arborist/lib/link.js | 2 +- .../node_modules/@npmcli/arborist/lib/node.js | 2 +- .../@npmcli/arborist/lib/shrinkwrap.js | 6 +- .../@npmcli/arborist/package.json | 2 +- deps/npm/package.json | 2 +- .../test/lib/commands/link.js.test.cjs | 5 + .../test/lib/load-all-commands.js.test.cjs | 18 +- .../tap-snapshots/test/lib/npm.js.test.cjs | 18 +- deps/npm/test/fixtures/mock-npm.js | 36 +-- deps/npm/test/lib/commands/init.js | 38 +++ deps/npm/test/lib/commands/link.js | 36 +++ deps/npm/test/lib/npm.js | 46 ++- 46 files changed, 1651 insertions(+), 155 deletions(-) diff --git a/deps/npm/docs/content/commands/npm-ci.md b/deps/npm/docs/content/commands/npm-ci.md index 9b8238d05a3b91..30a03365ade814 100644 --- a/deps/npm/docs/content/commands/npm-ci.md +++ b/deps/npm/docs/content/commands/npm-ci.md @@ -84,15 +84,129 @@ cache: -#### `audit` +#### `save` + +* Default: `true` unless when using `npm update` where it defaults to `false` +* Type: Boolean + +Save installed packages to a `package.json` file as dependencies. + +When used with the `npm rm` command, removes the dependency from +`package.json`. + +Will also prevent writing to `package-lock.json` if set to `false`. + + + + +#### `save-exact` + +* Default: false +* Type: Boolean + +Dependencies saved to package.json will be configured with an exact version +rather than using npm's default semver range operator. + + + + +#### `global` + +* Default: false +* Type: Boolean + +Operates in "global" mode, so that packages are installed into the `prefix` +folder instead of the current working directory. See +[folders](/configuring-npm/folders) for more on the differences in behavior. + +* packages are installed into the `{prefix}/lib/node_modules` folder, instead + of the current working directory. +* bin files are linked to `{prefix}/bin` +* man pages are linked to `{prefix}/share/man` + + + + +#### `global-style` + +* Default: false +* Type: Boolean + +Causes npm to install the package into your local `node_modules` folder with +the same layout it uses with the global `node_modules` folder. Only your +direct dependencies will show in `node_modules` and everything they depend +on will be flattened in their `node_modules` folders. This obviously will +eliminate some deduping. If used with `legacy-bundling`, `legacy-bundling` +will be preferred. + + + + +#### `legacy-bundling` + +* Default: false +* Type: Boolean + +Causes npm to install the package such that versions of npm prior to 1.4, +such as the one included with node 0.8, can install the package. This +eliminates all automatic deduping. If used with `global-style` this option +will be preferred. + + + + +#### `omit` + +* Default: 'dev' if the `NODE_ENV` environment variable is set to + 'production', otherwise empty. +* Type: "dev", "optional", or "peer" (can be set multiple times) + +Dependency types to omit from the installation tree on disk. + +Note that these dependencies _are_ still resolved and added to the +`package-lock.json` or `npm-shrinkwrap.json` file. They are just not +physically installed on disk. + +If a package type appears in both the `--include` and `--omit` lists, then +it will be included. + +If the resulting omit list includes `'dev'`, then the `NODE_ENV` environment +variable will be set to `'production'` for all lifecycle scripts. + + + + +#### `strict-peer-deps` + +* Default: false +* Type: Boolean + +If set to `true`, and `--legacy-peer-deps` is not set, then _any_ +conflicting `peerDependencies` will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non-peer +dependency relationships. + +By default, conflicting `peerDependencies` deep in the dependency graph will +be resolved using the nearest non-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's `peerDependencies` object. + +When such and override is performed, a warning is printed, explaining the +conflict and the packages involved. If `--strict-peer-deps` is set, then +this warning is treated as a failure. + + + + +#### `package-lock` * Default: true * Type: Boolean -When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes. See the -documentation for [`npm audit`](/commands/npm-audit) for details on what is -submitted. +If set to false, then ignore `package-lock.json` files when installing. This +will also prevent _writing_ `package-lock.json` if `save` is true. + +This configuration does not affect `npm ci`. @@ -127,13 +241,132 @@ will *not* run any pre- or post-scripts. -#### `script-shell` +#### `audit` -* Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows -* Type: null or String +* Default: true +* Type: Boolean + +When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes. See the +documentation for [`npm audit`](/commands/npm-audit) for details on what is +submitted. + + + + +#### `bin-links` + +* Default: true +* Type: Boolean + +Tells npm to create symlinks (or `.cmd` shims on Windows) for package +executables. + +Set to false to have it not do this. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems. + + + + +#### `fund` + +* Default: true +* Type: Boolean + +When "true" displays the message at the end of each `npm install` +acknowledging the number of dependencies looking for funding. See [`npm +fund`](/commands/npm-fund) for details. + + + + +#### `dry-run` + +* Default: false +* Type: Boolean + +Indicates that you don't want npm to make any changes and that it should +only report what it would have done. This can be passed into any of the +commands that modify your local installation, eg, `install`, `update`, +`dedupe`, `uninstall`, as well as `pack` and `publish`. + +Note: This is NOT honored by other network related commands, eg `dist-tags`, +`owner`, etc. + + + + +#### `workspace` + +* Default: +* Type: String (can be set multiple times) + +Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option. + +Valid values for the `workspace` config are either: + +* Workspace names +* Path to a workspace directory +* Path to a parent workspace directory (will result in selecting all + workspaces within that folder) + +When set for the `npm init` command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project. + +This value is not exported to the environment for child processes. + + + + +#### `workspaces` + +* Default: null +* Type: null or Boolean + +Set to true to run the command in the context of **all** configured +workspaces. + +Explicitly setting this to false will cause commands like `install` to +ignore workspaces altogether. When not set explicitly: + +- Commands that operate on the `node_modules` tree (install, update, etc.) +will link workspaces into the `node_modules` folder. - Commands that do +other things (test, exec, publish, etc.) will operate on the root project, +_unless_ one or more workspaces are specified in the `workspace` config. + +This value is not exported to the environment for child processes. + + + + +#### `include-workspace-root` + +* Default: false +* Type: Boolean + +Include the workspace root when workspaces are enabled for a command. + +When false, specifying individual workspaces via the `workspace` config, or +all workspaces via the `workspaces` flag, will cause npm to operate only on +the specified workspaces, and not on the root project. + +This value is not exported to the environment for child processes. + + + + +#### `install-links` + +* Default: false +* Type: Boolean -The shell to use for scripts run with the `npm exec`, `npm run` and `npm -init ` commands. +When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink. This option has no effect on workspaces. diff --git a/deps/npm/docs/content/commands/npm-init.md b/deps/npm/docs/content/commands/npm-init.md index cd0be4643e0ead..f3124a7768dfce 100644 --- a/deps/npm/docs/content/commands/npm-init.md +++ b/deps/npm/docs/content/commands/npm-init.md @@ -38,6 +38,8 @@ follows: * `npm init foo` -> `npm exec create-foo` * `npm init @usr/foo` -> `npm exec @usr/create-foo` * `npm init @usr` -> `npm exec @usr/create` +* `npm init @usr@2.0.0` -> `npm exec @usr/create@2.0.0` +* `npm init @usr/foo@2.0.0` -> `npm exec @usr/create-foo@2.0.0` If the initializer is omitted (by just calling `npm init`), init will fall back to legacy init behavior. It will ask you a bunch of questions, and diff --git a/deps/npm/docs/content/commands/npm-install-ci-test.md b/deps/npm/docs/content/commands/npm-install-ci-test.md index 74ed4667e81bfe..b886f8ab9599ad 100644 --- a/deps/npm/docs/content/commands/npm-install-ci-test.md +++ b/deps/npm/docs/content/commands/npm-install-ci-test.md @@ -30,15 +30,129 @@ This command runs `npm ci` followed immediately by `npm test`. -#### `audit` +#### `save` + +* Default: `true` unless when using `npm update` where it defaults to `false` +* Type: Boolean + +Save installed packages to a `package.json` file as dependencies. + +When used with the `npm rm` command, removes the dependency from +`package.json`. + +Will also prevent writing to `package-lock.json` if set to `false`. + + + + +#### `save-exact` + +* Default: false +* Type: Boolean + +Dependencies saved to package.json will be configured with an exact version +rather than using npm's default semver range operator. + + + + +#### `global` + +* Default: false +* Type: Boolean + +Operates in "global" mode, so that packages are installed into the `prefix` +folder instead of the current working directory. See +[folders](/configuring-npm/folders) for more on the differences in behavior. + +* packages are installed into the `{prefix}/lib/node_modules` folder, instead + of the current working directory. +* bin files are linked to `{prefix}/bin` +* man pages are linked to `{prefix}/share/man` + + + + +#### `global-style` + +* Default: false +* Type: Boolean + +Causes npm to install the package into your local `node_modules` folder with +the same layout it uses with the global `node_modules` folder. Only your +direct dependencies will show in `node_modules` and everything they depend +on will be flattened in their `node_modules` folders. This obviously will +eliminate some deduping. If used with `legacy-bundling`, `legacy-bundling` +will be preferred. + + + + +#### `legacy-bundling` + +* Default: false +* Type: Boolean + +Causes npm to install the package such that versions of npm prior to 1.4, +such as the one included with node 0.8, can install the package. This +eliminates all automatic deduping. If used with `global-style` this option +will be preferred. + + + + +#### `omit` + +* Default: 'dev' if the `NODE_ENV` environment variable is set to + 'production', otherwise empty. +* Type: "dev", "optional", or "peer" (can be set multiple times) + +Dependency types to omit from the installation tree on disk. + +Note that these dependencies _are_ still resolved and added to the +`package-lock.json` or `npm-shrinkwrap.json` file. They are just not +physically installed on disk. + +If a package type appears in both the `--include` and `--omit` lists, then +it will be included. + +If the resulting omit list includes `'dev'`, then the `NODE_ENV` environment +variable will be set to `'production'` for all lifecycle scripts. + + + + +#### `strict-peer-deps` + +* Default: false +* Type: Boolean + +If set to `true`, and `--legacy-peer-deps` is not set, then _any_ +conflicting `peerDependencies` will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non-peer +dependency relationships. + +By default, conflicting `peerDependencies` deep in the dependency graph will +be resolved using the nearest non-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's `peerDependencies` object. + +When such and override is performed, a warning is printed, explaining the +conflict and the packages involved. If `--strict-peer-deps` is set, then +this warning is treated as a failure. + + + + +#### `package-lock` * Default: true * Type: Boolean -When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes. See the -documentation for [`npm audit`](/commands/npm-audit) for details on what is -submitted. +If set to false, then ignore `package-lock.json` files when installing. This +will also prevent _writing_ `package-lock.json` if `save` is true. + +This configuration does not affect `npm ci`. @@ -73,13 +187,132 @@ will *not* run any pre- or post-scripts. -#### `script-shell` +#### `audit` -* Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows -* Type: null or String +* Default: true +* Type: Boolean + +When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes. See the +documentation for [`npm audit`](/commands/npm-audit) for details on what is +submitted. + + + + +#### `bin-links` + +* Default: true +* Type: Boolean + +Tells npm to create symlinks (or `.cmd` shims on Windows) for package +executables. + +Set to false to have it not do this. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems. + + + + +#### `fund` + +* Default: true +* Type: Boolean + +When "true" displays the message at the end of each `npm install` +acknowledging the number of dependencies looking for funding. See [`npm +fund`](/commands/npm-fund) for details. + + + + +#### `dry-run` + +* Default: false +* Type: Boolean + +Indicates that you don't want npm to make any changes and that it should +only report what it would have done. This can be passed into any of the +commands that modify your local installation, eg, `install`, `update`, +`dedupe`, `uninstall`, as well as `pack` and `publish`. + +Note: This is NOT honored by other network related commands, eg `dist-tags`, +`owner`, etc. + + + + +#### `workspace` + +* Default: +* Type: String (can be set multiple times) + +Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option. + +Valid values for the `workspace` config are either: + +* Workspace names +* Path to a workspace directory +* Path to a parent workspace directory (will result in selecting all + workspaces within that folder) + +When set for the `npm init` command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project. + +This value is not exported to the environment for child processes. + + + + +#### `workspaces` + +* Default: null +* Type: null or Boolean + +Set to true to run the command in the context of **all** configured +workspaces. + +Explicitly setting this to false will cause commands like `install` to +ignore workspaces altogether. When not set explicitly: + +- Commands that operate on the `node_modules` tree (install, update, etc.) +will link workspaces into the `node_modules` folder. - Commands that do +other things (test, exec, publish, etc.) will operate on the root project, +_unless_ one or more workspaces are specified in the `workspace` config. + +This value is not exported to the environment for child processes. + + + + +#### `include-workspace-root` + +* Default: false +* Type: Boolean + +Include the workspace root when workspaces are enabled for a command. + +When false, specifying individual workspaces via the `workspace` config, or +all workspaces via the `workspaces` flag, will cause npm to operate only on +the specified workspaces, and not on the root project. + +This value is not exported to the environment for child processes. + + + + +#### `install-links` + +* Default: false +* Type: Boolean -The shell to use for scripts run with the `npm exec`, `npm run` and `npm -init ` commands. +When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink. This option has no effect on workspaces. diff --git a/deps/npm/docs/content/commands/npm-install.md b/deps/npm/docs/content/commands/npm-install.md index 7e5544f85e3dda..35e0df22777336 100644 --- a/deps/npm/docs/content/commands/npm-install.md +++ b/deps/npm/docs/content/commands/npm-install.md @@ -311,7 +311,7 @@ into a tarball (b). can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither `#` or - `#semver:` is specified, then `master` is used. + `#semver:` is specified, then the default branch is used. As with regular git dependencies, `dependencies` and `devDependencies` will be installed if the package has a `prepare` script before the diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md index a97c5168e6e0b4..a7936fafc72a2c 100644 --- a/deps/npm/docs/content/commands/npm-ls.md +++ b/deps/npm/docs/content/commands/npm-ls.md @@ -44,7 +44,7 @@ npm@@VERSION@ /path/to/npm It will print out extraneous, missing, and invalid packages. If a project specifies git urls for dependencies these are shown -in parentheses after the name@version to make it easier for users to +in parentheses after the `name@version` to make it easier for users to recognize potential forks of a project. The tree shown is the logical dependency tree, based on package @@ -62,7 +62,7 @@ disk would be roughly identical. With the advent of automatic install-time deduplication of dependencies in npm v3, the `ls` output was modified to display the logical dependency graph as a tree structure, since this was more useful to most users. -However, without using `npm ls -l`, it became impossible show _where_ a +However, without using `npm ls -l`, it became impossible to show _where_ a package was actually installed much of the time! With the advent of automatic installation of `peerDependencies` in npm v7, diff --git a/deps/npm/docs/content/configuring-npm/package-json.md b/deps/npm/docs/content/configuring-npm/package-json.md index f0315d60efef48..b0231662f69309 100644 --- a/deps/npm/docs/content/configuring-npm/package-json.md +++ b/deps/npm/docs/content/configuring-npm/package-json.md @@ -632,7 +632,7 @@ commit. If the commit-ish has the format `#semver:`, `` can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither `#` or `#semver:` is -specified, then `master` is used. +specified, then the default branch is used. Examples: diff --git a/deps/npm/docs/content/using-npm/workspaces.md b/deps/npm/docs/content/using-npm/workspaces.md index 82491cd74af823..5b68ef8ce9d3d9 100644 --- a/deps/npm/docs/content/using-npm/workspaces.md +++ b/deps/npm/docs/content/using-npm/workspaces.md @@ -137,6 +137,8 @@ nested workspaces to be consumed elsewhere. You can use the `workspace` configuration option to run commands in the context of a configured workspace. +Additionally, if your current directory is in a workspace, the `workspace` +configuration is implicitly set, and `prefix` is set to the root workspace. Following is a quick example on how to use the `npm run` command in the context of nested workspaces. For a project containing multiple workspaces, e.g: @@ -158,7 +160,13 @@ given command in the context of that specific workspace. e.g: npm run test --workspace=a ``` -This will run the `test` script defined within the +You could also run the command within the workspace. + +``` +cd packages/a && npm run test +``` + +Either will run the `test` script defined within the `./packages/a/package.json` file. Please note that you can also specify this argument multiple times in the diff --git a/deps/npm/docs/output/commands/npm-ci.html b/deps/npm/docs/output/commands/npm-ci.html index abc8ce6deb0e31..51efa6ea98bc07 100644 --- a/deps/npm/docs/output/commands/npm-ci.html +++ b/deps/npm/docs/output/commands/npm-ci.html @@ -142,7 +142,7 @@

npm-ci

Table of contents

- +

Synopsis

@@ -205,15 +205,108 @@

Configuration

-

audit

+

save

+
    +
  • Default: true unless when using npm update where it defaults to false
  • +
  • Type: Boolean
  • +
+

Save installed packages to a package.json file as dependencies.

+

When used with the npm rm command, removes the dependency from +package.json.

+

Will also prevent writing to package-lock.json if set to false.

+ + +

save-exact

+
    +
  • Default: false
  • +
  • Type: Boolean
  • +
+

Dependencies saved to package.json will be configured with an exact version +rather than using npm's default semver range operator.

+ + +

global

+
    +
  • Default: false
  • +
  • Type: Boolean
  • +
+

Operates in "global" mode, so that packages are installed into the prefix +folder instead of the current working directory. See +folders for more on the differences in behavior.

+
    +
  • packages are installed into the {prefix}/lib/node_modules folder, instead +of the current working directory.
  • +
  • bin files are linked to {prefix}/bin
  • +
  • man pages are linked to {prefix}/share/man
  • +
+ + +

global-style

+
    +
  • Default: false
  • +
  • Type: Boolean
  • +
+

Causes npm to install the package into your local node_modules folder with +the same layout it uses with the global node_modules folder. Only your +direct dependencies will show in node_modules and everything they depend +on will be flattened in their node_modules folders. This obviously will +eliminate some deduping. If used with legacy-bundling, legacy-bundling +will be preferred.

+ + +

legacy-bundling

+
    +
  • Default: false
  • +
  • Type: Boolean
  • +
+

Causes npm to install the package such that versions of npm prior to 1.4, +such as the one included with node 0.8, can install the package. This +eliminates all automatic deduping. If used with global-style this option +will be preferred.

+ + +

omit

+
    +
  • Default: 'dev' if the NODE_ENV environment variable is set to +'production', otherwise empty.
  • +
  • Type: "dev", "optional", or "peer" (can be set multiple times)
  • +
+

Dependency types to omit from the installation tree on disk.

+

Note that these dependencies are still resolved and added to the +package-lock.json or npm-shrinkwrap.json file. They are just not +physically installed on disk.

+

If a package type appears in both the --include and --omit lists, then +it will be included.

+

If the resulting omit list includes 'dev', then the NODE_ENV environment +variable will be set to 'production' for all lifecycle scripts.

+ + +

strict-peer-deps

+
    +
  • Default: false
  • +
  • Type: Boolean
  • +
+

If set to true, and --legacy-peer-deps is not set, then any +conflicting peerDependencies will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non-peer +dependency relationships.

+

By default, conflicting peerDependencies deep in the dependency graph will +be resolved using the nearest non-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's peerDependencies object.

+

When such and override is performed, a warning is printed, explaining the +conflict and the packages involved. If --strict-peer-deps is set, then +this warning is treated as a failure.

+ + +

package-lock

  • Default: true
  • Type: Boolean
-

When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes. See the -documentation for npm audit for details on what is -submitted.

+

If set to false, then ignore package-lock.json files when installing. This +will also prevent writing package-lock.json if save is true.

+

This configuration does not affect npm ci.

foreground-scripts

@@ -240,12 +333,110 @@

ignore-scripts

will not run any pre- or post-scripts.

-

script-shell

+

audit

    -
  • Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows
  • -
  • Type: null or String
  • +
  • Default: true
  • +
  • Type: Boolean
  • +
+

When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes. See the +documentation for npm audit for details on what is +submitted.

+ + + +
    +
  • Default: true
  • +
  • Type: Boolean
  • +
+

Tells npm to create symlinks (or .cmd shims on Windows) for package +executables.

+

Set to false to have it not do this. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems.

+ + +

fund

+
    +
  • Default: true
  • +
  • Type: Boolean
  • +
+

When "true" displays the message at the end of each npm install +acknowledging the number of dependencies looking for funding. See npm fund for details.

+ + +

dry-run

+
    +
  • Default: false
  • +
  • Type: Boolean
  • +
+

Indicates that you don't want npm to make any changes and that it should +only report what it would have done. This can be passed into any of the +commands that modify your local installation, eg, install, update, +dedupe, uninstall, as well as pack and publish.

+

Note: This is NOT honored by other network related commands, eg dist-tags, +owner, etc.

+ + +

workspace

+
    +
  • Default:
  • +
  • Type: String (can be set multiple times)
  • +
+

Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option.

+

Valid values for the workspace config are either:

+
    +
  • Workspace names
  • +
  • Path to a workspace directory
  • +
  • Path to a parent workspace directory (will result in selecting all +workspaces within that folder)
  • +
+

When set for the npm init command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project.

+

This value is not exported to the environment for child processes.

+ + +

workspaces

+
    +
  • Default: null
  • +
  • Type: null or Boolean
  • +
+

Set to true to run the command in the context of all configured +workspaces.

+

Explicitly setting this to false will cause commands like install to +ignore workspaces altogether. When not set explicitly:

+
    +
  • Commands that operate on the node_modules tree (install, update, etc.) +will link workspaces into the node_modules folder. - Commands that do +other things (test, exec, publish, etc.) will operate on the root project, +unless one or more workspaces are specified in the workspace config.
  • +
+

This value is not exported to the environment for child processes.

+ + +

include-workspace-root

+
    +
  • Default: false
  • +
  • Type: Boolean
  • +
+

Include the workspace root when workspaces are enabled for a command.

+

When false, specifying individual workspaces via the workspace config, or +all workspaces via the workspaces flag, will cause npm to operate only on +the specified workspaces, and not on the root project.

+

This value is not exported to the environment for child processes.

+ + + +
    +
  • Default: false
  • +
  • Type: Boolean
-

The shell to use for scripts run with the npm exec, npm run and npm init <package-spec> commands.

+

When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink. This option has no effect on workspaces.

diff --git a/deps/npm/docs/output/commands/npm-init.html b/deps/npm/docs/output/commands/npm-init.html index c7c00b3531becf..3897be30c76a9f 100644 --- a/deps/npm/docs/output/commands/npm-init.html +++ b/deps/npm/docs/output/commands/npm-init.html @@ -170,6 +170,8 @@

Description

  • npm init foo -> npm exec create-foo
  • npm init @usr/foo -> npm exec @usr/create-foo
  • npm init @usr -> npm exec @usr/create
  • +
  • npm init @usr@2.0.0 -> npm exec @usr/create@2.0.0
  • +
  • npm init @usr/foo@2.0.0 -> npm exec @usr/create-foo@2.0.0
  • If the initializer is omitted (by just calling npm init), init will fall back to legacy init behavior. It will ask you a bunch of questions, and diff --git a/deps/npm/docs/output/commands/npm-install-ci-test.html b/deps/npm/docs/output/commands/npm-install-ci-test.html index 8d3d9541421fe0..f7d6e04649c48b 100644 --- a/deps/npm/docs/output/commands/npm-install-ci-test.html +++ b/deps/npm/docs/output/commands/npm-install-ci-test.html @@ -142,7 +142,7 @@

    npm-install-ci-test

    Table of contents

    - +

    Synopsis

    @@ -162,15 +162,108 @@

    Configuration

    -

    audit

    +

    save

    +
      +
    • Default: true unless when using npm update where it defaults to false
    • +
    • Type: Boolean
    • +
    +

    Save installed packages to a package.json file as dependencies.

    +

    When used with the npm rm command, removes the dependency from +package.json.

    +

    Will also prevent writing to package-lock.json if set to false.

    + + +

    save-exact

    +
      +
    • Default: false
    • +
    • Type: Boolean
    • +
    +

    Dependencies saved to package.json will be configured with an exact version +rather than using npm's default semver range operator.

    + + +

    global

    +
      +
    • Default: false
    • +
    • Type: Boolean
    • +
    +

    Operates in "global" mode, so that packages are installed into the prefix +folder instead of the current working directory. See +folders for more on the differences in behavior.

    +
      +
    • packages are installed into the {prefix}/lib/node_modules folder, instead +of the current working directory.
    • +
    • bin files are linked to {prefix}/bin
    • +
    • man pages are linked to {prefix}/share/man
    • +
    + + +

    global-style

    +
      +
    • Default: false
    • +
    • Type: Boolean
    • +
    +

    Causes npm to install the package into your local node_modules folder with +the same layout it uses with the global node_modules folder. Only your +direct dependencies will show in node_modules and everything they depend +on will be flattened in their node_modules folders. This obviously will +eliminate some deduping. If used with legacy-bundling, legacy-bundling +will be preferred.

    + + +

    legacy-bundling

    +
      +
    • Default: false
    • +
    • Type: Boolean
    • +
    +

    Causes npm to install the package such that versions of npm prior to 1.4, +such as the one included with node 0.8, can install the package. This +eliminates all automatic deduping. If used with global-style this option +will be preferred.

    + + +

    omit

    +
      +
    • Default: 'dev' if the NODE_ENV environment variable is set to +'production', otherwise empty.
    • +
    • Type: "dev", "optional", or "peer" (can be set multiple times)
    • +
    +

    Dependency types to omit from the installation tree on disk.

    +

    Note that these dependencies are still resolved and added to the +package-lock.json or npm-shrinkwrap.json file. They are just not +physically installed on disk.

    +

    If a package type appears in both the --include and --omit lists, then +it will be included.

    +

    If the resulting omit list includes 'dev', then the NODE_ENV environment +variable will be set to 'production' for all lifecycle scripts.

    + + +

    strict-peer-deps

    +
      +
    • Default: false
    • +
    • Type: Boolean
    • +
    +

    If set to true, and --legacy-peer-deps is not set, then any +conflicting peerDependencies will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non-peer +dependency relationships.

    +

    By default, conflicting peerDependencies deep in the dependency graph will +be resolved using the nearest non-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's peerDependencies object.

    +

    When such and override is performed, a warning is printed, explaining the +conflict and the packages involved. If --strict-peer-deps is set, then +this warning is treated as a failure.

    + + +

    package-lock

    • Default: true
    • Type: Boolean
    -

    When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes. See the -documentation for npm audit for details on what is -submitted.

    +

    If set to false, then ignore package-lock.json files when installing. This +will also prevent writing package-lock.json if save is true.

    +

    This configuration does not affect npm ci.

    foreground-scripts

    @@ -197,12 +290,110 @@

    ignore-scripts

    will not run any pre- or post-scripts.

    -

    script-shell

    +

    audit

      -
    • Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows
    • -
    • Type: null or String
    • +
    • Default: true
    • +
    • Type: Boolean
    • +
    +

    When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes. See the +documentation for npm audit for details on what is +submitted.

    + + + +
      +
    • Default: true
    • +
    • Type: Boolean
    • +
    +

    Tells npm to create symlinks (or .cmd shims on Windows) for package +executables.

    +

    Set to false to have it not do this. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems.

    + + +

    fund

    +
      +
    • Default: true
    • +
    • Type: Boolean
    • +
    +

    When "true" displays the message at the end of each npm install +acknowledging the number of dependencies looking for funding. See npm fund for details.

    + + +

    dry-run

    +
      +
    • Default: false
    • +
    • Type: Boolean
    • +
    +

    Indicates that you don't want npm to make any changes and that it should +only report what it would have done. This can be passed into any of the +commands that modify your local installation, eg, install, update, +dedupe, uninstall, as well as pack and publish.

    +

    Note: This is NOT honored by other network related commands, eg dist-tags, +owner, etc.

    + + +

    workspace

    +
      +
    • Default:
    • +
    • Type: String (can be set multiple times)
    • +
    +

    Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option.

    +

    Valid values for the workspace config are either:

    +
      +
    • Workspace names
    • +
    • Path to a workspace directory
    • +
    • Path to a parent workspace directory (will result in selecting all +workspaces within that folder)
    • +
    +

    When set for the npm init command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project.

    +

    This value is not exported to the environment for child processes.

    + + +

    workspaces

    +
      +
    • Default: null
    • +
    • Type: null or Boolean
    • +
    +

    Set to true to run the command in the context of all configured +workspaces.

    +

    Explicitly setting this to false will cause commands like install to +ignore workspaces altogether. When not set explicitly:

    +
      +
    • Commands that operate on the node_modules tree (install, update, etc.) +will link workspaces into the node_modules folder. - Commands that do +other things (test, exec, publish, etc.) will operate on the root project, +unless one or more workspaces are specified in the workspace config.
    • +
    +

    This value is not exported to the environment for child processes.

    + + +

    include-workspace-root

    +
      +
    • Default: false
    • +
    • Type: Boolean
    • +
    +

    Include the workspace root when workspaces are enabled for a command.

    +

    When false, specifying individual workspaces via the workspace config, or +all workspaces via the workspaces flag, will cause npm to operate only on +the specified workspaces, and not on the root project.

    +

    This value is not exported to the environment for child processes.

    + + + +
      +
    • Default: false
    • +
    • Type: Boolean
    -

    The shell to use for scripts run with the npm exec, npm run and npm init <package-spec> commands.

    +

    When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink. This option has no effect on workspaces.

    diff --git a/deps/npm/docs/output/commands/npm-install.html b/deps/npm/docs/output/commands/npm-install.html index 48f62f9e4822c7..7702ab5c167750 100644 --- a/deps/npm/docs/output/commands/npm-install.html +++ b/deps/npm/docs/output/commands/npm-install.html @@ -408,7 +408,7 @@

    Description

    can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither #<commit-ish> or -#semver:<semver> is specified, then master is used.

    +#semver:<semver> is specified, then the default branch is used.

    As with regular git dependencies, dependencies and devDependencies will be installed if the package has a prepare script before the package is done installing.

    diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 47b3bbc085e164..ce8eda1b71176d 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -166,13 +166,13 @@

    Description

    the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

    -
    npm@8.15.0 /path/to/npm
    +
    npm@8.15.1 /path/to/npm
     └─┬ init-package-json@0.0.4
       └── promzard@0.1.5
     

    It will print out extraneous, missing, and invalid packages.

    If a project specifies git urls for dependencies these are shown -in parentheses after the name@version to make it easier for users to +in parentheses after the name@version to make it easier for users to recognize potential forks of a project.

    The tree shown is the logical dependency tree, based on package dependencies, not the physical layout of your node_modules folder.

    @@ -185,7 +185,7 @@

    Note: Design Changes Pending

    With the advent of automatic install-time deduplication of dependencies in npm v3, the ls output was modified to display the logical dependency graph as a tree structure, since this was more useful to most users. -However, without using npm ls -l, it became impossible show where a +However, without using npm ls -l, it became impossible to show where a package was actually installed much of the time!

    With the advent of automatic installation of peerDependencies in npm v7, this gets even more curious, as peerDependencies are logically diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html index 514017fd875943..b254b72c370861 100644 --- a/deps/npm/docs/output/commands/npm.html +++ b/deps/npm/docs/output/commands/npm.html @@ -149,7 +149,7 @@

    Table of contents

    Version

    -

    8.15.0

    +

    8.15.1

    Description

    npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency diff --git a/deps/npm/docs/output/configuring-npm/package-json.html b/deps/npm/docs/output/configuring-npm/package-json.html index 354069b1a2c738..2b1240ebee9124 100644 --- a/deps/npm/docs/output/configuring-npm/package-json.html +++ b/deps/npm/docs/output/configuring-npm/package-json.html @@ -622,7 +622,7 @@

    Git URLs as Dependencies

    be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither #<commit-ish> or #semver:<semver> is -specified, then master is used.

    +specified, then the default branch is used.

    Examples:

    git+ssh://git@github.com:npm/cli.git#v1.0.27
     git+ssh://git@github.com:npm/cli#semver:^5.0
    diff --git a/deps/npm/docs/output/using-npm/workspaces.html b/deps/npm/docs/output/using-npm/workspaces.html
    index 06928563acc1fd..2a3dd880c2c697 100644
    --- a/deps/npm/docs/output/using-npm/workspaces.html
    +++ b/deps/npm/docs/output/using-npm/workspaces.html
    @@ -240,7 +240,9 @@ 

    Using workspaces

    nested workspaces to be consumed elsewhere.

    Running commands in the context of workspaces

    You can use the workspace configuration option to run commands in the context -of a configured workspace.

    +of a configured workspace. +Additionally, if your current directory is in a workspace, the workspace +configuration is implicitly set, and prefix is set to the root workspace.

    Following is a quick example on how to use the npm run command in the context of nested workspaces. For a project containing multiple workspaces, e.g:

    .
    @@ -255,7 +257,10 @@ 

    Running commands in the c given command in the context of that specific workspace. e.g:

    npm run test --workspace=a
     
    -

    This will run the test script defined within the +

    You could also run the command within the workspace.

    +
    cd packages/a && npm run test
    +
    +

    Either will run the test script defined within the ./packages/a/package.json file.

    Please note that you can also specify this argument multiple times in the command-line in order to target multiple workspaces, e.g:

    diff --git a/deps/npm/lib/commands/ci.js b/deps/npm/lib/commands/ci.js index 2a6125d564e912..0adf203a9856e6 100644 --- a/deps/npm/lib/commands/ci.js +++ b/deps/npm/lib/commands/ci.js @@ -9,16 +9,13 @@ const log = require('../utils/log-shim.js') const validateLockfile = require('../utils/validate-lockfile.js') const ArboristWorkspaceCmd = require('../arborist-cmd.js') +const Install = require('./install.js') class CI extends ArboristWorkspaceCmd { static description = 'Clean install a project' static name = 'ci' - static params = [ - 'audit', - 'foreground-scripts', - 'ignore-scripts', - 'script-shell', - ] + + static params = Install.params async exec () { if (this.npm.global) { diff --git a/deps/npm/lib/commands/diff.js b/deps/npm/lib/commands/diff.js index b8a64bd98a0394..bbd6fae6680ca9 100644 --- a/deps/npm/lib/commands/diff.js +++ b/deps/npm/lib/commands/diff.js @@ -106,7 +106,7 @@ class Diff extends BaseCommand { const pkgName = await this.packageName(this.prefix) return [ `${pkgName}@${this.npm.config.get('tag')}`, - `file:${this.prefix}`, + `file:${this.prefix.replace(/#/g, '%23')}`, ] } @@ -134,7 +134,7 @@ class Diff extends BaseCommand { } return [ `${pkgName}@${a}`, - `file:${this.prefix}`, + `file:${this.prefix.replace(/#/g, '%23')}`, ] } @@ -165,7 +165,7 @@ class Diff extends BaseCommand { } return [ `${spec.name}@${spec.fetchSpec}`, - `file:${this.prefix}`, + `file:${this.prefix.replace(/#/g, '%23')}`, ] } @@ -178,7 +178,7 @@ class Diff extends BaseCommand { } } - const aSpec = `file:${node.realpath}` + const aSpec = `file:${node.realpath.replace(/#/g, '%23')}` // finds what version of the package to compare against, if a exact // version or tag was passed than it should use that, otherwise @@ -211,8 +211,8 @@ class Diff extends BaseCommand { ] } else if (spec.type === 'directory') { return [ - `file:${spec.fetchSpec}`, - `file:${this.prefix}`, + `file:${spec.fetchSpec.replace(/#/g, '%23')}`, + `file:${this.prefix.replace(/#/g, '%23')}`, ] } else { throw this.usageError(`Spec type ${spec.type} not supported.`) @@ -279,7 +279,7 @@ class Diff extends BaseCommand { const res = !node || !node.package || !node.package.version ? spec.fetchSpec - : `file:${node.realpath}` + : `file:${node.realpath.replace(/#/g, '%23')}` return `${spec.name}@${res}` }) diff --git a/deps/npm/lib/commands/init.js b/deps/npm/lib/commands/init.js index b8b6bd5d53e088..cff8340dcd7074 100644 --- a/deps/npm/lib/commands/init.js +++ b/deps/npm/lib/commands/init.js @@ -85,8 +85,13 @@ class Init extends BaseCommand { const [initerName, ...otherArgs] = args let packageName = initerName + // Only a scope, possibly with a version if (/^@[^/]+$/.test(initerName)) { - packageName = initerName + '/create' + const [, scope, version] = initerName.split('@') + packageName = `@${scope}/create` + if (version) { + packageName = `${packageName}@${version}` + } } else { const req = npa(initerName) if (req.type === 'git' && req.hosted) { diff --git a/deps/npm/lib/commands/link.js b/deps/npm/lib/commands/link.js index b0b889ea787fd5..7bce73ed2bb6f5 100644 --- a/deps/npm/lib/commands/link.js +++ b/deps/npm/lib/commands/link.js @@ -122,7 +122,7 @@ class Link extends ArboristWorkspaceCmd { ...this.npm.flatOptions, prune: false, path: this.npm.prefix, - add: names.map(l => `file:${resolve(globalTop, 'node_modules', l)}`), + add: names.map(l => `file:${resolve(globalTop, 'node_modules', l).replace(/#/g, '%23')}`), save, workspaces: this.workspaceNames, }) @@ -133,7 +133,7 @@ class Link extends ArboristWorkspaceCmd { async linkPkg () { const wsp = this.workspacePaths const paths = wsp && wsp.length ? wsp : [this.npm.prefix] - const add = paths.map(path => `file:${path}`) + const add = paths.map(path => `file:${path.replace(/#/g, '%23')}`) const globalTop = resolve(this.npm.globalDir, '..') const arb = new Arborist({ ...this.npm.flatOptions, diff --git a/deps/npm/lib/npm.js b/deps/npm/lib/npm.js index 2197f11a52c4a9..66111cab89a844 100644 --- a/deps/npm/lib/npm.js +++ b/deps/npm/lib/npm.js @@ -241,16 +241,18 @@ class Npm extends EventEmitter { await this.time('npm:load:configload', () => this.config.load()) // mkdir this separately since the logs dir can be set to - // a different location. an error here should be surfaced - // right away since it will error in cacache later + // a different location. if this fails, then we don't have + // a cache dir, but we don't want to fail immediately since + // the command might not need a cache dir (like `npm --version`) await this.time('npm:load:mkdirpcache', () => - fs.mkdir(this.cache, { recursive: true, owner: 'inherit' })) + fs.mkdir(this.cache, { recursive: true, owner: 'inherit' }) + .catch((e) => log.verbose('cache', `could not create cache: ${e}`))) // its ok if this fails. user might have specified an invalid dir // which we will tell them about at the end await this.time('npm:load:mkdirplogs', () => fs.mkdir(this.logsDir, { recursive: true, owner: 'inherit' }) - .catch((e) => log.warn('logfile', `could not create logs-dir: ${e}`))) + .catch((e) => log.verbose('logfile', `could not create logs-dir: ${e}`))) // note: this MUST be shorter than the actual argv length, because it // uses the same memory, so node will truncate it if it's too long. diff --git a/deps/npm/lib/utils/log-file.js b/deps/npm/lib/utils/log-file.js index 9cf6513bedf484..d62329c8551e21 100644 --- a/deps/npm/lib/utils/log-file.js +++ b/deps/npm/lib/utils/log-file.js @@ -204,7 +204,9 @@ class LogFiles { this.#files.push(logStream.path) return logStream } catch (e) { - log.warn('logfile', `could not be created: ${e}`) + // If the user has a readonly logdir then we don't want to + // warn this on every command so it should be verbose + log.verbose('logfile', `could not be created: ${e}`) } } @@ -226,7 +228,7 @@ class LogFiles { ) // Always ignore the currently written files - const files = await glob(globify(logGlob), { ignore: this.#files.map(globify) }) + const files = await glob(globify(logGlob), { ignore: this.#files.map(globify), silent: true }) const toDelete = files.length - this.#logsMax if (toDelete <= 0) { diff --git a/deps/npm/man/man1/npm-ci.1 b/deps/npm/man/man1/npm-ci.1 index 316da3a61189ce..6a83ab881caec5 100644 --- a/deps/npm/man/man1/npm-ci.1 +++ b/deps/npm/man/man1/npm-ci.1 @@ -80,7 +80,126 @@ cache: .fi .RE .SS Configuration -.SS \fBaudit\fP +.SS \fBsave\fP +.RS 0 +.IP \(bu 2 +Default: \fBtrue\fP unless when using \fBnpm update\fP where it defaults to \fBfalse\fP +.IP \(bu 2 +Type: Boolean + +.RE +.P +Save installed packages to a \fBpackage\.json\fP file as dependencies\. +.P +When used with the \fBnpm rm\fP command, removes the dependency from +\fBpackage\.json\fP\|\. +.P +Will also prevent writing to \fBpackage\-lock\.json\fP if set to \fBfalse\fP\|\. +.SS \fBsave\-exact\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Dependencies saved to package\.json will be configured with an exact version +rather than using npm's default semver range operator\. +.SS \fBglobal\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Operates in "global" mode, so that packages are installed into the \fBprefix\fP +folder instead of the current working directory\. See +npm help folders for more on the differences in behavior\. +.RS 0 +.IP \(bu 2 +packages are installed into the \fB{prefix}/lib/node_modules\fP folder, instead +of the current working directory\. +.IP \(bu 2 +bin files are linked to \fB{prefix}/bin\fP +.IP \(bu 2 +man pages are linked to \fB{prefix}/share/man\fP + +.RE +.SS \fBglobal\-style\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Causes npm to install the package into your local \fBnode_modules\fP folder with +the same layout it uses with the global \fBnode_modules\fP folder\. Only your +direct dependencies will show in \fBnode_modules\fP and everything they depend +on will be flattened in their \fBnode_modules\fP folders\. This obviously will +eliminate some deduping\. If used with \fBlegacy\-bundling\fP, \fBlegacy\-bundling\fP +will be preferred\. +.SS \fBlegacy\-bundling\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Causes npm to install the package such that versions of npm prior to 1\.4, +such as the one included with node 0\.8, can install the package\. This +eliminates all automatic deduping\. If used with \fBglobal\-style\fP this option +will be preferred\. +.SS \fBomit\fP +.RS 0 +.IP \(bu 2 +Default: 'dev' if the \fBNODE_ENV\fP environment variable is set to +\|'production', otherwise empty\. +.IP \(bu 2 +Type: "dev", "optional", or "peer" (can be set multiple times) + +.RE +.P +Dependency types to omit from the installation tree on disk\. +.P +Note that these dependencies \fIare\fR still resolved and added to the +\fBpackage\-lock\.json\fP or \fBnpm\-shrinkwrap\.json\fP file\. They are just not +physically installed on disk\. +.P +If a package type appears in both the \fB\-\-include\fP and \fB\-\-omit\fP lists, then +it will be included\. +.P +If the resulting omit list includes \fB\|'dev'\fP, then the \fBNODE_ENV\fP environment +variable will be set to \fB\|'production'\fP for all lifecycle scripts\. +.SS \fBstrict\-peer\-deps\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +If set to \fBtrue\fP, and \fB\-\-legacy\-peer\-deps\fP is not set, then \fIany\fR +conflicting \fBpeerDependencies\fP will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non\-peer +dependency relationships\. +.P +By default, conflicting \fBpeerDependencies\fP deep in the dependency graph will +be resolved using the nearest non\-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's \fBpeerDependencies\fP object\. +.P +When such and override is performed, a warning is printed, explaining the +conflict and the packages involved\. If \fB\-\-strict\-peer\-deps\fP is set, then +this warning is treated as a failure\. +.SS \fBpackage\-lock\fP .RS 0 .IP \(bu 2 Default: true @@ -89,10 +208,10 @@ Type: Boolean .RE .P -When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes\. See the -documentation for npm help \fBaudit\fP for details on what is -submitted\. +If set to false, then ignore \fBpackage\-lock\.json\fP files when installing\. This +will also prevent \fIwriting\fR \fBpackage\-lock\.json\fP if \fBsave\fP is true\. +.P +This configuration does not affect \fBnpm ci\fP\|\. .SS \fBforeground\-scripts\fP .RS 0 .IP \(bu 2 @@ -123,17 +242,144 @@ Note that commands explicitly intended to run a particular script, such as \fBnpm start\fP, \fBnpm stop\fP, \fBnpm restart\fP, \fBnpm test\fP, and \fBnpm run\-script\fP will still run their intended script if \fBignore\-scripts\fP is set, but they will \fInot\fR run any pre\- or post\-scripts\. -.SS \fBscript\-shell\fP +.SS \fBaudit\fP +.RS 0 +.IP \(bu 2 +Default: true +.IP \(bu 2 +Type: Boolean + +.RE +.P +When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes\. See the +documentation for npm help \fBaudit\fP for details on what is +submitted\. +.SS \fBbin\-links\fP +.RS 0 +.IP \(bu 2 +Default: true +.IP \(bu 2 +Type: Boolean + +.RE +.P +Tells npm to create symlinks (or \fB\|\.cmd\fP shims on Windows) for package +executables\. +.P +Set to false to have it not do this\. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems\. +.SS \fBfund\fP .RS 0 .IP \(bu 2 -Default: '/bin/sh' on POSIX systems, 'cmd\.exe' on Windows +Default: true +.IP \(bu 2 +Type: Boolean + +.RE +.P +When "true" displays the message at the end of each \fBnpm install\fP +acknowledging the number of dependencies looking for funding\. See npm help \fBnpm +fund\fP for details\. +.SS \fBdry\-run\fP +.RS 0 .IP \(bu 2 -Type: null or String +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Indicates that you don't want npm to make any changes and that it should +only report what it would have done\. This can be passed into any of the +commands that modify your local installation, eg, \fBinstall\fP, \fBupdate\fP, +\fBdedupe\fP, \fBuninstall\fP, as well as \fBpack\fP and \fBpublish\fP\|\. +.P +Note: This is NOT honored by other network related commands, eg \fBdist\-tags\fP, +\fBowner\fP, etc\. +.SS \fBworkspace\fP +.RS 0 +.IP \(bu 2 +Default: +.IP \(bu 2 +Type: String (can be set multiple times) + +.RE +.P +Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option\. +.P +Valid values for the \fBworkspace\fP config are either: +.RS 0 +.IP \(bu 2 +Workspace names +.IP \(bu 2 +Path to a workspace directory +.IP \(bu 2 +Path to a parent workspace directory (will result in selecting all +workspaces within that folder) + +.RE +.P +When set for the \fBnpm init\fP command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project\. +.P +This value is not exported to the environment for child processes\. +.SS \fBworkspaces\fP +.RS 0 +.IP \(bu 2 +Default: null +.IP \(bu 2 +Type: null or Boolean + +.RE +.P +Set to true to run the command in the context of \fBall\fR configured +workspaces\. +.P +Explicitly setting this to false will cause commands like \fBinstall\fP to +ignore workspaces altogether\. When not set explicitly: +.RS 0 +.IP \(bu 2 +Commands that operate on the \fBnode_modules\fP tree (install, update, etc\.) +will link workspaces into the \fBnode_modules\fP folder\. \- Commands that do +other things (test, exec, publish, etc\.) will operate on the root project, +\fIunless\fR one or more workspaces are specified in the \fBworkspace\fP config\. + +.RE +.P +This value is not exported to the environment for child processes\. +.SS \fBinclude\-workspace\-root\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Include the workspace root when workspaces are enabled for a command\. +.P +When false, specifying individual workspaces via the \fBworkspace\fP config, or +all workspaces via the \fBworkspaces\fP flag, will cause npm to operate only on +the specified workspaces, and not on the root project\. +.P +This value is not exported to the environment for child processes\. +.SS \fBinstall\-links\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean .RE .P -The shell to use for scripts run with the \fBnpm exec\fP, \fBnpm run\fP and \fBnpm -init \fP commands\. +When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink\. This option has no effect on workspaces\. .SS See Also .RS 0 .IP \(bu 2 diff --git a/deps/npm/man/man1/npm-init.1 b/deps/npm/man/man1/npm-init.1 index 50334564f99085..b21a794af47cc2 100644 --- a/deps/npm/man/man1/npm-init.1 +++ b/deps/npm/man/man1/npm-init.1 @@ -30,6 +30,10 @@ follows: \fBnpm init @usr/foo\fP \-> \fBnpm exec @usr/create\-foo\fP .IP \(bu 2 \fBnpm init @usr\fP \-> \fBnpm exec @usr/create\fP +.IP \(bu 2 +\fBnpm init @usr@2\.0\.0\fP \-> \fBnpm exec @usr/create@2\.0\.0\fP +.IP \(bu 2 +\fBnpm init @usr/foo@2\.0\.0\fP \-> \fBnpm exec @usr/create\-foo@2\.0\.0\fP .RE .P diff --git a/deps/npm/man/man1/npm-install-ci-test.1 b/deps/npm/man/man1/npm-install-ci-test.1 index 59fb33b10bdafc..10f785698528d9 100644 --- a/deps/npm/man/man1/npm-install-ci-test.1 +++ b/deps/npm/man/man1/npm-install-ci-test.1 @@ -14,7 +14,126 @@ alias: cit .P This command runs \fBnpm ci\fP followed immediately by \fBnpm test\fP\|\. .SS Configuration -.SS \fBaudit\fP +.SS \fBsave\fP +.RS 0 +.IP \(bu 2 +Default: \fBtrue\fP unless when using \fBnpm update\fP where it defaults to \fBfalse\fP +.IP \(bu 2 +Type: Boolean + +.RE +.P +Save installed packages to a \fBpackage\.json\fP file as dependencies\. +.P +When used with the \fBnpm rm\fP command, removes the dependency from +\fBpackage\.json\fP\|\. +.P +Will also prevent writing to \fBpackage\-lock\.json\fP if set to \fBfalse\fP\|\. +.SS \fBsave\-exact\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Dependencies saved to package\.json will be configured with an exact version +rather than using npm's default semver range operator\. +.SS \fBglobal\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Operates in "global" mode, so that packages are installed into the \fBprefix\fP +folder instead of the current working directory\. See +npm help folders for more on the differences in behavior\. +.RS 0 +.IP \(bu 2 +packages are installed into the \fB{prefix}/lib/node_modules\fP folder, instead +of the current working directory\. +.IP \(bu 2 +bin files are linked to \fB{prefix}/bin\fP +.IP \(bu 2 +man pages are linked to \fB{prefix}/share/man\fP + +.RE +.SS \fBglobal\-style\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Causes npm to install the package into your local \fBnode_modules\fP folder with +the same layout it uses with the global \fBnode_modules\fP folder\. Only your +direct dependencies will show in \fBnode_modules\fP and everything they depend +on will be flattened in their \fBnode_modules\fP folders\. This obviously will +eliminate some deduping\. If used with \fBlegacy\-bundling\fP, \fBlegacy\-bundling\fP +will be preferred\. +.SS \fBlegacy\-bundling\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Causes npm to install the package such that versions of npm prior to 1\.4, +such as the one included with node 0\.8, can install the package\. This +eliminates all automatic deduping\. If used with \fBglobal\-style\fP this option +will be preferred\. +.SS \fBomit\fP +.RS 0 +.IP \(bu 2 +Default: 'dev' if the \fBNODE_ENV\fP environment variable is set to +\|'production', otherwise empty\. +.IP \(bu 2 +Type: "dev", "optional", or "peer" (can be set multiple times) + +.RE +.P +Dependency types to omit from the installation tree on disk\. +.P +Note that these dependencies \fIare\fR still resolved and added to the +\fBpackage\-lock\.json\fP or \fBnpm\-shrinkwrap\.json\fP file\. They are just not +physically installed on disk\. +.P +If a package type appears in both the \fB\-\-include\fP and \fB\-\-omit\fP lists, then +it will be included\. +.P +If the resulting omit list includes \fB\|'dev'\fP, then the \fBNODE_ENV\fP environment +variable will be set to \fB\|'production'\fP for all lifecycle scripts\. +.SS \fBstrict\-peer\-deps\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +If set to \fBtrue\fP, and \fB\-\-legacy\-peer\-deps\fP is not set, then \fIany\fR +conflicting \fBpeerDependencies\fP will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non\-peer +dependency relationships\. +.P +By default, conflicting \fBpeerDependencies\fP deep in the dependency graph will +be resolved using the nearest non\-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's \fBpeerDependencies\fP object\. +.P +When such and override is performed, a warning is printed, explaining the +conflict and the packages involved\. If \fB\-\-strict\-peer\-deps\fP is set, then +this warning is treated as a failure\. +.SS \fBpackage\-lock\fP .RS 0 .IP \(bu 2 Default: true @@ -23,10 +142,10 @@ Type: Boolean .RE .P -When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes\. See the -documentation for npm help \fBaudit\fP for details on what is -submitted\. +If set to false, then ignore \fBpackage\-lock\.json\fP files when installing\. This +will also prevent \fIwriting\fR \fBpackage\-lock\.json\fP if \fBsave\fP is true\. +.P +This configuration does not affect \fBnpm ci\fP\|\. .SS \fBforeground\-scripts\fP .RS 0 .IP \(bu 2 @@ -57,17 +176,144 @@ Note that commands explicitly intended to run a particular script, such as \fBnpm start\fP, \fBnpm stop\fP, \fBnpm restart\fP, \fBnpm test\fP, and \fBnpm run\-script\fP will still run their intended script if \fBignore\-scripts\fP is set, but they will \fInot\fR run any pre\- or post\-scripts\. -.SS \fBscript\-shell\fP +.SS \fBaudit\fP +.RS 0 +.IP \(bu 2 +Default: true +.IP \(bu 2 +Type: Boolean + +.RE +.P +When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes\. See the +documentation for npm help \fBaudit\fP for details on what is +submitted\. +.SS \fBbin\-links\fP +.RS 0 +.IP \(bu 2 +Default: true +.IP \(bu 2 +Type: Boolean + +.RE +.P +Tells npm to create symlinks (or \fB\|\.cmd\fP shims on Windows) for package +executables\. +.P +Set to false to have it not do this\. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems\. +.SS \fBfund\fP .RS 0 .IP \(bu 2 -Default: '/bin/sh' on POSIX systems, 'cmd\.exe' on Windows +Default: true +.IP \(bu 2 +Type: Boolean + +.RE +.P +When "true" displays the message at the end of each \fBnpm install\fP +acknowledging the number of dependencies looking for funding\. See npm help \fBnpm +fund\fP for details\. +.SS \fBdry\-run\fP +.RS 0 .IP \(bu 2 -Type: null or String +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Indicates that you don't want npm to make any changes and that it should +only report what it would have done\. This can be passed into any of the +commands that modify your local installation, eg, \fBinstall\fP, \fBupdate\fP, +\fBdedupe\fP, \fBuninstall\fP, as well as \fBpack\fP and \fBpublish\fP\|\. +.P +Note: This is NOT honored by other network related commands, eg \fBdist\-tags\fP, +\fBowner\fP, etc\. +.SS \fBworkspace\fP +.RS 0 +.IP \(bu 2 +Default: +.IP \(bu 2 +Type: String (can be set multiple times) + +.RE +.P +Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option\. +.P +Valid values for the \fBworkspace\fP config are either: +.RS 0 +.IP \(bu 2 +Workspace names +.IP \(bu 2 +Path to a workspace directory +.IP \(bu 2 +Path to a parent workspace directory (will result in selecting all +workspaces within that folder) + +.RE +.P +When set for the \fBnpm init\fP command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project\. +.P +This value is not exported to the environment for child processes\. +.SS \fBworkspaces\fP +.RS 0 +.IP \(bu 2 +Default: null +.IP \(bu 2 +Type: null or Boolean + +.RE +.P +Set to true to run the command in the context of \fBall\fR configured +workspaces\. +.P +Explicitly setting this to false will cause commands like \fBinstall\fP to +ignore workspaces altogether\. When not set explicitly: +.RS 0 +.IP \(bu 2 +Commands that operate on the \fBnode_modules\fP tree (install, update, etc\.) +will link workspaces into the \fBnode_modules\fP folder\. \- Commands that do +other things (test, exec, publish, etc\.) will operate on the root project, +\fIunless\fR one or more workspaces are specified in the \fBworkspace\fP config\. + +.RE +.P +This value is not exported to the environment for child processes\. +.SS \fBinclude\-workspace\-root\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Include the workspace root when workspaces are enabled for a command\. +.P +When false, specifying individual workspaces via the \fBworkspace\fP config, or +all workspaces via the \fBworkspaces\fP flag, will cause npm to operate only on +the specified workspaces, and not on the root project\. +.P +This value is not exported to the environment for child processes\. +.SS \fBinstall\-links\fP +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean .RE .P -The shell to use for scripts run with the \fBnpm exec\fP, \fBnpm run\fP and \fBnpm -init \fP commands\. +When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink\. This option has no effect on workspaces\. .SS See Also .RS 0 .IP \(bu 2 diff --git a/deps/npm/man/man1/npm-install.1 b/deps/npm/man/man1/npm-install.1 index 43adfbe9e4b5f0..f54f1e202cd067 100644 --- a/deps/npm/man/man1/npm-install.1 +++ b/deps/npm/man/man1/npm-install.1 @@ -320,7 +320,7 @@ GIT_SSH_COMMAND='ssh \-i ~/\.ssh/custom_ident' npm install git+ssh://git@github\ can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency\. If neither \fB#\fP or - \fB#semver:\fP is specified, then \fBmaster\fP is used\. + \fB#semver:\fP is specified, then the default branch is used\. As with regular git dependencies, \fBdependencies\fP and \fBdevDependencies\fP will be installed if the package has a \fBprepare\fP script before the package is done installing\. diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1 index 511f481a6ea9fd..cc465caebe5a1e 100644 --- a/deps/npm/man/man1/npm-ls.1 +++ b/deps/npm/man/man1/npm-ls.1 @@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show: .P .RS 2 .nf -npm@8\.15\.0 /path/to/npm +npm@8\.15\.1 /path/to/npm └─┬ init\-package\-json@0\.0\.4 └── promzard@0\.1\.5 .fi @@ -35,7 +35,7 @@ npm@8\.15\.0 /path/to/npm It will print out extraneous, missing, and invalid packages\. .P If a project specifies git urls for dependencies these are shown -in parentheses after the name@version to make it easier for users to +in parentheses after the \fBname@version\fP to make it easier for users to recognize potential forks of a project\. .P The tree shown is the logical dependency tree, based on package @@ -52,7 +52,7 @@ disk would be roughly identical\. With the advent of automatic install\-time deduplication of dependencies in npm v3, the \fBls\fP output was modified to display the logical dependency graph as a tree structure, since this was more useful to most users\. -However, without using \fBnpm ls \-l\fP, it became impossible show \fIwhere\fR a +However, without using \fBnpm ls \-l\fP, it became impossible to show \fIwhere\fR a package was actually installed much of the time! .P With the advent of automatic installation of \fBpeerDependencies\fP in npm v7, diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1 index 984dbc49192dd7..b3bc8bb417198d 100644 --- a/deps/npm/man/man1/npm.1 +++ b/deps/npm/man/man1/npm.1 @@ -4,7 +4,7 @@ .SS Synopsis .SS Version .P -8\.15\.0 +8\.15\.1 .SS Description .P npm is the package manager for the Node JavaScript platform\. It puts diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5 index 0fd5174f6aa7b6..ae522f1de8294a 100644 --- a/deps/npm/man/man5/package-json.5 +++ b/deps/npm/man/man5/package-json.5 @@ -709,7 +709,7 @@ commit\. If the commit\-ish has the format \fB#semver:\fP, \fB\f be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency\. If neither \fB#\fP or \fB#semver:\fP is -specified, then \fBmaster\fP is used\. +specified, then the default branch is used\. .P Examples: .P diff --git a/deps/npm/man/man7/workspaces.7 b/deps/npm/man/man7/workspaces.7 index 0bc4488b44e5f2..6575130ec7f759 100644 --- a/deps/npm/man/man7/workspaces.7 +++ b/deps/npm/man/man7/workspaces.7 @@ -143,6 +143,8 @@ nested workspaces to be consumed elsewhere\. .P You can use the \fBworkspace\fP configuration option to run commands in the context of a configured workspace\. +Additionally, if your current directory is in a workspace, the \fBworkspace\fP +configuration is implicitly set, and \fBprefix\fP is set to the root workspace\. .P Following is a quick example on how to use the \fBnpm run\fP command in the context of nested workspaces\. For a project containing multiple workspaces, e\.g: @@ -168,7 +170,15 @@ npm run test \-\-workspace=a .fi .RE .P -This will run the \fBtest\fP script defined within the +You could also run the command within the workspace\. +.P +.RS 2 +.nf +cd packages/a && npm run test +.fi +.RE +.P +Either will run the \fBtest\fP script defined within the \fB\|\./packages/a/package\.json\fP file\. .P Please note that you can also specify this argument multiple times in the diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js index da2652c449a1cd..0e98ed6fc533c1 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js @@ -484,7 +484,7 @@ Try using the package name instead, e.g: .catch(/* istanbul ignore next */ er => null) if (st && st.isSymbolicLink()) { const target = await readlink(dir) - const real = resolve(dirname(dir), target) + const real = resolve(dirname(dir), target).replace(/#/g, '%23') tree.package.dependencies[name] = `file:${real}` } else { tree.package.dependencies[name] = '*' @@ -603,7 +603,7 @@ Try using the package name instead, e.g: if (filepath) { const { name } = spec const tree = this.idealTree.target - spec = npa(`file:${relpath(tree.path, filepath)}`, tree.path) + spec = npa(`file:${relpath(tree.path, filepath).replace(/#/g, '%23')}`, tree.path) spec.name = name } return spec diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js index 43351b69034af8..d4eabe8c0fdfd7 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js @@ -196,7 +196,7 @@ module.exports = cls => class ActualLoader extends cls { const actualRoot = tree.isLink ? tree.target : tree const { dependencies = {} } = actualRoot.package for (const [name, kid] of actualRoot.children.entries()) { - const def = kid.isLink ? `file:${kid.realpath}` : '*' + const def = kid.isLink ? `file:${kid.realpath.replace(/#/g, '%23')}` : '*' dependencies[name] = dependencies[name] || def } actualRoot.package = { ...actualRoot.package, dependencies } diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js index fb3f334747fc8a..947659f177eefe 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js @@ -162,7 +162,7 @@ module.exports = cls => class VirtualLoader extends cls { lockfile: s.data, }) for (const [name, path] of workspaces.entries()) { - lockWS.push(['workspace', name, `file:${path}`]) + lockWS.push(['workspace', name, `file:${path.replace(/#/g, '%23')}`]) } const lockEdges = [ diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js index faf016c7040109..4f1061e4abe500 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js @@ -1241,7 +1241,7 @@ module.exports = cls => class Reifier extends cls { // path initially, in which case we can end up with the wrong // thing, so just get the ultimate fetchSpec and relativize it. const p = req.fetchSpec.replace(/^file:/, '') - const rel = relpath(addTree.realpath, p) + const rel = relpath(addTree.realpath, p).replace(/#/g, '%23') newSpec = `file:${rel}` } } else { diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js b/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js index e34e40a46d0024..5308dc7e2f95ea 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js @@ -20,8 +20,8 @@ const consistentResolve = (resolved, fromPath, toPath, relPaths = false) => { raw, } = npa(resolved, fromPath) const isPath = type === 'file' || type === 'directory' - return isPath && !relPaths ? `file:${fetchSpec}` - : isPath ? 'file:' + (toPath ? relpath(toPath, fetchSpec) : fetchSpec) + return isPath && !relPaths ? `file:${fetchSpec.replace(/#/g, '%23')}` + : isPath ? 'file:' + (toPath ? relpath(toPath, fetchSpec.replace(/#/g, '%23')) : fetchSpec.replace(/#/g, '%23')) : hosted ? `git+${ hosted.auth ? hosted.https(hostedOpt) : hosted.sshurl(hostedOpt) }` diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/link.js b/deps/npm/node_modules/@npmcli/arborist/lib/link.js index dcce8c0d3dfa55..6fed063772b6a8 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/link.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/link.js @@ -118,7 +118,7 @@ class Link extends Node { // the path/realpath guard is there for the benefit of setting // these things in the "wrong" order return this.path && this.realpath - ? `file:${relpath(dirname(this.path), this.realpath)}` + ? `file:${relpath(dirname(this.path), this.realpath).replace(/#/g, '%23')}` : null } diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/node.js b/deps/npm/node_modules/@npmcli/arborist/lib/node.js index d731e5f617908a..66d46d746abf3e 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/node.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/node.js @@ -824,7 +824,7 @@ class Node { } for (const [name, path] of this[_workspaces].entries()) { - new Edge({ from: this, name, spec: `file:${path}`, type: 'workspace' }) + new Edge({ from: this, name, spec: `file:${path.replace(/#/g, '%23')}`, type: 'workspace' }) } } diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js b/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js index 3305bac4914be5..e2180fd4c8076e 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js @@ -815,7 +815,7 @@ class Shrinkwrap { const pathFixed = !resolved ? null : !/^file:/.test(resolved) ? resolved // resolve onto the metadata path - : `file:${resolve(this.path, resolved.slice(5))}` + : `file:${resolve(this.path, resolved.slice(5)).replace(/#/g, '%23')}` // if we have one, only set the other if it matches // otherwise it could be for a completely different thing. @@ -996,7 +996,7 @@ class Shrinkwrap { : npa.resolve(node.name, edge.spec, edge.from.realpath) if (node.isLink) { - lock.version = `file:${relpath(this.path, node.realpath)}` + lock.version = `file:${relpath(this.path, node.realpath).replace(/#/g, '%23')}` } else if (spec && (spec.type === 'file' || spec.type === 'remote')) { lock.version = spec.saveSpec } else if (spec && spec.type === 'git' || rSpec.type === 'git') { @@ -1074,7 +1074,7 @@ class Shrinkwrap { // this especially shows up with workspace edges when the root // node is also a workspace in the set. const p = resolve(node.realpath, spec.slice('file:'.length)) - set[k] = `file:${relpath(node.realpath, p)}` + set[k] = `file:${relpath(node.realpath, p).replace(/#/g, '%23')}` } else { set[k] = spec } diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json index 328cdf0146c141..48814eda69166f 100644 --- a/deps/npm/node_modules/@npmcli/arborist/package.json +++ b/deps/npm/node_modules/@npmcli/arborist/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/arborist", - "version": "5.3.0", + "version": "5.3.1", "description": "Manage node_modules trees", "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", diff --git a/deps/npm/package.json b/deps/npm/package.json index 969e8e160c28c5..7526c4754b0ff5 100644 --- a/deps/npm/package.json +++ b/deps/npm/package.json @@ -1,5 +1,5 @@ { - "version": "8.15.0", + "version": "8.15.1", "name": "npm", "description": "a package manager for JavaScript", "workspaces": [ diff --git a/deps/npm/tap-snapshots/test/lib/commands/link.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/link.js.test.cjs index a9a10b20a2f83d..e01409e4ce1964 100644 --- a/deps/npm/tap-snapshots/test/lib/commands/link.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/commands/link.js.test.cjs @@ -5,6 +5,11 @@ * Make sure to inspect the output below. Do not ignore changes! */ 'use strict' +exports[`test/lib/commands/link.js TAP hash character in working directory path > should create a global link to current pkg, even within path with hash 1`] = ` +{CWD}/test/lib/commands/tap-testdir-link-hash-character-in-working-directory-path/global-prefix/lib/node_modules/test-pkg-link -> {CWD}/test/lib/commands/tap-testdir-link-hash-character-in-working-directory-path/i_like_#_in_my_paths/test-pkg-link + +` + exports[`test/lib/commands/link.js TAP link global linked pkg to local nm when using args > should create a local symlink to global pkg 1`] = ` {CWD}/test/lib/commands/tap-testdir-link-link-global-linked-pkg-to-local-nm-when-using-args/my-project/node_modules/@myscope/bar -> {CWD}/test/lib/commands/tap-testdir-link-link-global-linked-pkg-to-local-nm-when-using-args/global-prefix/lib/node_modules/@myscope/bar {CWD}/test/lib/commands/tap-testdir-link-link-global-linked-pkg-to-local-nm-when-using-args/my-project/node_modules/@myscope/linked -> {CWD}/test/lib/commands/tap-testdir-link-link-global-linked-pkg-to-local-nm-when-using-args/scoped-linked diff --git a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs index b697dfbb796c68..88b1d49556fd89 100644 --- a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs @@ -116,8 +116,13 @@ Usage: npm ci Options: -[--no-audit] [--foreground-scripts] [--ignore-scripts] -[--script-shell ] +[-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer|--save-bundle] +[-E|--save-exact] [-g|--global] [--global-style] [--legacy-bundling] +[--omit [--omit ...]] +[--strict-peer-deps] [--no-package-lock] [--foreground-scripts] +[--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run] +[-w|--workspace [-w|--workspace ...]] +[-ws|--workspaces] [--include-workspace-root] [--install-links] aliases: clean-install, ic, install-clean, isntall-clean @@ -425,8 +430,13 @@ Usage: npm install-ci-test Options: -[--no-audit] [--foreground-scripts] [--ignore-scripts] -[--script-shell ] +[-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer|--save-bundle] +[-E|--save-exact] [-g|--global] [--global-style] [--legacy-bundling] +[--omit [--omit ...]] +[--strict-peer-deps] [--no-package-lock] [--foreground-scripts] +[--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run] +[-w|--workspace [-w|--workspace ...]] +[-ws|--workspaces] [--include-workspace-root] [--install-links] alias: cit diff --git a/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs b/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs index b2ba45b2d615cb..8d5f188b07924c 100644 --- a/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs @@ -254,8 +254,13 @@ All commands: npm ci Options: - [--no-audit] [--foreground-scripts] [--ignore-scripts] - [--script-shell ] + [-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer|--save-bundle] + [-E|--save-exact] [-g|--global] [--global-style] [--legacy-bundling] + [--omit [--omit ...]] + [--strict-peer-deps] [--no-package-lock] [--foreground-scripts] + [--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run] + [-w|--workspace [-w|--workspace ...]] + [-ws|--workspaces] [--include-workspace-root] [--install-links] aliases: clean-install, ic, install-clean, isntall-clean @@ -511,8 +516,13 @@ All commands: npm install-ci-test Options: - [--no-audit] [--foreground-scripts] [--ignore-scripts] - [--script-shell ] + [-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer|--save-bundle] + [-E|--save-exact] [-g|--global] [--global-style] [--legacy-bundling] + [--omit [--omit ...]] + [--strict-peer-deps] [--no-package-lock] [--foreground-scripts] + [--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run] + [-w|--workspace [-w|--workspace ...]] + [-ws|--workspaces] [--include-workspace-root] [--install-links] alias: cit diff --git a/deps/npm/test/fixtures/mock-npm.js b/deps/npm/test/fixtures/mock-npm.js index a79812fb71a299..90bf7da4c10bc7 100644 --- a/deps/npm/test/fixtures/mock-npm.js +++ b/deps/npm/test/fixtures/mock-npm.js @@ -108,17 +108,20 @@ const LoadMockNpm = async (t, { cache: cacheDir, global: globalPrefixDir, }) - const prefix = path.join(dir, 'prefix') - const cache = path.join(dir, 'cache') - const globalPrefix = path.join(dir, 'global') - const home = path.join(dir, 'home') + const dirs = { + testdir: dir, + prefix: path.join(dir, 'prefix'), + cache: path.join(dir, 'cache'), + globalPrefix: path.join(dir, 'global'), + home: path.join(dir, 'home'), + } // Set cache to testdir via env var so it is available when load is run // XXX: remove this for a solution where cache argv is passed in mockGlobals(t, { - 'process.env.HOME': home, - 'process.env.npm_config_cache': cache, - ...(globals ? result(globals, { prefix, cache, home }) : {}), + 'process.env.HOME': dirs.home, + 'process.env.npm_config_cache': dirs.cache, + ...(globals ? result(globals, { ...dirs }) : {}), // Some configs don't work because they can't be set via npm.config.set until // config is loaded. But some config items are needed before that. So this is // an explicit set of configs that must be loaded as env vars. @@ -126,7 +129,8 @@ const LoadMockNpm = async (t, { ...Object.entries(config) .filter(([k]) => envConfigKeys.includes(k)) .reduce((acc, [k, v]) => { - acc[`process.env.npm_config_${k.replace(/-/g, '_')}`] = v.toString() + acc[`process.env.npm_config_${k.replace(/-/g, '_')}`] = + result(v, { ...dirs }).toString() return acc }, {}), }) @@ -138,7 +142,7 @@ const LoadMockNpm = async (t, { if (load) { await npm.load() - for (const [k, v] of Object.entries(result(config, { npm, prefix, cache }))) { + for (const [k, v] of Object.entries(result(config, { npm, ...dirs }))) { if (typeof v === 'object' && v.value && v.where) { npm.config.set(k, v.value, v.where) } else { @@ -148,20 +152,16 @@ const LoadMockNpm = async (t, { // Set global loglevel *again* since it possibly got reset during load // XXX: remove with npmlog setLoglevel(t, config.loglevel, false) - npm.prefix = prefix - npm.cache = cache - npm.globalPrefix = globalPrefix + npm.prefix = dirs.prefix + npm.cache = dirs.cache + npm.globalPrefix = dirs.globalPrefix } return { ...rest, + ...dirs, Npm, npm, - home, - prefix, - globalPrefix, - testdir: dir, - cache, debugFile: async () => { const readFiles = npm.logFiles.map(f => fs.readFile(f)) const logFiles = await Promise.all(readFiles) @@ -171,7 +171,7 @@ const LoadMockNpm = async (t, { .join('\n') }, timingFile: async () => { - const data = await fs.readFile(path.resolve(cache, '_timing.json'), 'utf8') + const data = await fs.readFile(path.resolve(dirs.cache, '_timing.json'), 'utf8') return JSON.parse(data) // XXX: this fails if multiple timings are written }, } diff --git a/deps/npm/test/lib/commands/init.js b/deps/npm/test/lib/commands/init.js index 32816adbc272ee..e7b2739341437c 100644 --- a/deps/npm/test/lib/commands/init.js +++ b/deps/npm/test/lib/commands/init.js @@ -136,6 +136,44 @@ t.test('npm init @scope/name', async t => { await init.exec(['@npmcli/something']) }) +t.test('npm init @scope@spec', async t => { + t.plan(1) + npm.localPrefix = t.testdir({}) + + const Init = t.mock('../../../lib/commands/init.js', { + libnpmexec: ({ args }) => { + t.same( + args, + ['@npmcli/create@foo'], + 'should npx with scoped packages' + ) + }, + }) + const init = new Init(npm) + + process.chdir(npm.localPrefix) + await init.exec(['@npmcli@foo']) +}) + +t.test('npm init @scope/name@spec', async t => { + t.plan(1) + npm.localPrefix = t.testdir({}) + + const Init = t.mock('../../../lib/commands/init.js', { + libnpmexec: ({ args }) => { + t.same( + args, + ['@npmcli/create-something@foo'], + 'should npx with scoped packages' + ) + }, + }) + const init = new Init(npm) + + process.chdir(npm.localPrefix) + await init.exec(['@npmcli/something@foo']) +}) + t.test('npm init git spec', async t => { t.plan(1) npm.localPrefix = t.testdir({}) diff --git a/deps/npm/test/lib/commands/link.js b/deps/npm/test/lib/commands/link.js index a01de0b2479909..5bd7a3f1480ae1 100644 --- a/deps/npm/test/lib/commands/link.js +++ b/deps/npm/test/lib/commands/link.js @@ -514,3 +514,39 @@ t.test('--global option', async t => { 'should throw an useful error' ) }) + +t.test('hash character in working directory path', async t => { + const testdir = t.testdir({ + 'global-prefix': { + lib: { + node_modules: { + a: { + 'package.json': JSON.stringify({ + name: 'a', + version: '1.0.0', + }), + }, + }, + }, + }, + 'i_like_#_in_my_paths': { + 'test-pkg-link': { + 'package.json': JSON.stringify({ + name: 'test-pkg-link', + version: '1.0.0', + }), + }, + }, + }) + npm.globalDir = resolve(testdir, 'global-prefix', 'lib', 'node_modules') + npm.prefix = resolve(testdir, 'i_like_#_in_my_paths', 'test-pkg-link') + + link.workspacePaths = null + await link.exec([]) + const links = await printLinks({ + path: resolve(npm.globalDir, '..'), + global: true, + }) + + t.matchSnapshot(links, 'should create a global link to current pkg, even within path with hash') +}) diff --git a/deps/npm/test/lib/npm.js b/deps/npm/test/lib/npm.js index cd692a93f50772..62e48ce6050db1 100644 --- a/deps/npm/test/lib/npm.js +++ b/deps/npm/test/lib/npm.js @@ -3,6 +3,7 @@ const { resolve, dirname, join } = require('path') const { load: loadMockNpm } = require('../fixtures/mock-npm.js') const mockGlobals = require('../fixtures/mock-globals') +const fs = require('@npmcli/fs') // delete this so that we don't have configs from the fact that it // is being run by 'npm test' @@ -435,23 +436,42 @@ t.test('debug log', async t => { t.match(debug, log2.join(' '), 'after load log appears') }) - t.test('with bad dir', async t => { - const { npm } = await loadMockNpm(t, { + t.test('can load with bad dir', async t => { + const { npm, testdir } = await loadMockNpm(t, { + load: false, config: { - 'logs-dir': 'LOGS_DIR', - }, - mocks: { - '@npmcli/fs': { - mkdir: async (dir) => { - if (dir.includes('LOGS_DIR')) { - throw new Error('err') - } - }, - }, + 'logs-dir': (c) => join(c.testdir, 'my_logs_dir'), }, }) + const logsDir = join(testdir, 'my_logs_dir') + + // make logs dir a file before load so it files + await fs.writeFile(logsDir, 'A_TEXT_FILE') + await t.resolves(npm.load(), 'loads with invalid logs dir') + + t.equal(npm.logFiles.length, 0, 'no log files array') + t.strictSame(fs.readFileSync(logsDir, 'utf-8'), 'A_TEXT_FILE') + }) +}) + +t.test('cache dir', async t => { + t.test('creates a cache dir', async t => { + const { npm } = await loadMockNpm(t) + + t.ok(fs.existsSync(npm.cache), 'cache dir exists') + }) + + t.test('can load with a bad cache dir', async t => { + const { npm, cache } = await loadMockNpm(t, { + load: false, + // The easiest way to make mkdir(cache) fail is to make it a file. + // This will have the same effect as if its read only or inaccessible. + cacheDir: 'A_TEXT_FILE', + }) + + await t.resolves(npm.load(), 'loads with cache dir as a file') - t.equal(npm.logFiles.length, 0, 'no log file') + t.equal(fs.readFileSync(cache, 'utf-8'), 'A_TEXT_FILE') }) })