From cc9c53a87f8a7f9726ad72b350a878492a1483e8 Mon Sep 17 00:00:00 2001
From: npm CLI robot Description
the results to only the paths to the packages named. Note that nested
packages will also show the paths to the specified packages. For
example, running npm ls promzard
in npm's source tree will show:
npm@8.13.1 /path/to/npm
+npm@8.13.2 /path/to/npm
└─┬ init-package-json@0.0.4
└── promzard@0.1.5
diff --git a/deps/npm/docs/output/commands/npm-run-script.html b/deps/npm/docs/output/commands/npm-run-script.html
index d74acb05644..5b1150cf4b9 100644
--- a/deps/npm/docs/output/commands/npm-run-script.html
+++ b/deps/npm/docs/output/commands/npm-run-script.html
@@ -142,7 +142,7 @@ npm-run-script
Table of contents
-
+
Synopsis
@@ -319,6 +319,18 @@ ignore-scripts
will not run any pre- or post-scripts.
+foreground-scripts
+
+- Default: false
+- Type: Boolean
+
+Run all build scripts (ie, preinstall
, install
, and postinstall
)
+scripts for installed packages in the foreground process, sharing standard
+input, output, and error with the main npm process.
+Note that this will generally make installs run slower, and be much noisier,
+but can be useful for debugging.
+
+
script-shell
- Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows
diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index c7b7dd5dc7a..9a0446af631 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -149,7 +149,7 @@ Table of contents
Version
-8.13.1
+8.13.2
Description
npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
diff --git a/deps/npm/lib/commands/run-script.js b/deps/npm/lib/commands/run-script.js
index a1591c7900b..8507dbe79a9 100644
--- a/deps/npm/lib/commands/run-script.js
+++ b/deps/npm/lib/commands/run-script.js
@@ -35,6 +35,7 @@ class RunScript extends BaseCommand {
'include-workspace-root',
'if-present',
'ignore-scripts',
+ 'foreground-scripts',
'script-shell',
]
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index a24c524909f..5a78c46a6e6 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
.P
.RS 2
.nf
-npm@8\.13\.1 /path/to/npm
+npm@8\.13\.2 /path/to/npm
└─┬ init\-package\-json@0\.0\.4
└── promzard@0\.1\.5
.fi
diff --git a/deps/npm/man/man1/npm-run-script.1 b/deps/npm/man/man1/npm-run-script.1
index c9dc22f4eb6..c9c2925ff12 100644
--- a/deps/npm/man/man1/npm-run-script.1
+++ b/deps/npm/man/man1/npm-run-script.1
@@ -246,6 +246,21 @@ Note that commands explicitly intended to run a particular script, such as
\fBnpm start\fP, \fBnpm stop\fP, \fBnpm restart\fP, \fBnpm test\fP, and \fBnpm run\-script\fP
will still run their intended script if \fBignore\-scripts\fP is set, but they
will \fInot\fR run any pre\- or post\-scripts\.
+.SS \fBforeground\-scripts\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Run all build scripts (ie, \fBpreinstall\fP, \fBinstall\fP, and \fBpostinstall\fP)
+scripts for installed packages in the foreground process, sharing standard
+input, output, and error with the main npm process\.
+.P
+Note that this will generally make installs run slower, and be much noisier,
+but can be useful for debugging\.
.SS \fBscript\-shell\fP
.RS 0
.IP \(bu 2
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index a26c713a110..1e2c15ebae1 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -4,7 +4,7 @@
.SS Synopsis
.SS Version
.P
-8\.13\.1
+8\.13\.2
.SS Description
.P
npm is the package manager for the Node JavaScript platform\. It puts
diff --git a/deps/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js b/deps/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js
index d30838e7384..1f479a90dd9 100644
--- a/deps/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js
+++ b/deps/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js
@@ -166,8 +166,8 @@ class Advisory {
// we can try to be a *little* smarter up front by doing x-y for all
// contiguous version sets in the list
const ranges = []
- this.versions = semver.sort(this.versions)
- this.vulnerableVersions = semver.sort(this.vulnerableVersions)
+ this.versions = semver.sort(this.versions, semverOpt)
+ this.vulnerableVersions = semver.sort(this.vulnerableVersions, semverOpt)
for (let v = 0, vulnVer = 0; v < this.versions.length; v++) {
// figure out the vulnerable subrange
const vr = [this.versions[v]]
diff --git a/deps/npm/node_modules/@npmcli/metavuln-calculator/package.json b/deps/npm/node_modules/@npmcli/metavuln-calculator/package.json
index 2c04e0fd420..2e7209ffc7d 100644
--- a/deps/npm/node_modules/@npmcli/metavuln-calculator/package.json
+++ b/deps/npm/node_modules/@npmcli/metavuln-calculator/package.json
@@ -1,6 +1,6 @@
{
"name": "@npmcli/metavuln-calculator",
- "version": "3.1.0",
+ "version": "3.1.1",
"main": "lib/index.js",
"files": [
"bin/",
@@ -33,7 +33,7 @@
},
"devDependencies": {
"@npmcli/eslint-config": "^3.0.1",
- "@npmcli/template-oss": "3.2.0",
+ "@npmcli/template-oss": "3.5.0",
"require-inject": "^1.4.4",
"tap": "^16.0.1"
},
@@ -48,6 +48,6 @@
},
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "version": "3.2.0"
+ "version": "3.5.0"
}
}
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/escape.js b/deps/npm/node_modules/@npmcli/run-script/lib/escape.js
index 5254be24bf7..3c574371bcf 100644
--- a/deps/npm/node_modules/@npmcli/run-script/lib/escape.js
+++ b/deps/npm/node_modules/@npmcli/run-script/lib/escape.js
@@ -65,7 +65,13 @@ const sh = (input) => {
return result
}
+// disabling the no-control-regex rule for this line as we very specifically _do_ want to
+// replace those characters if they somehow exist at this point, which is highly unlikely
+// eslint-disable-next-line no-control-regex
+const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x31]/g, '')
+
module.exports = {
cmd,
sh,
+ filename,
}
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js
index 660588e3ee9..47f73463011 100644
--- a/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js
+++ b/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js
@@ -30,6 +30,7 @@ const makeSpawnArgs = options => {
npm_config_node_gyp,
})
+ const fileName = escape.filename(`${event}-${Date.now()}`)
let scriptFile
let script = ''
@@ -61,7 +62,7 @@ const makeSpawnArgs = options => {
const doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat')
- scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.cmd`)
+ scriptFile = resolve(tmpdir(), `${fileName}.cmd`)
script += '@echo off\n'
script += cmd
if (args.length) {
@@ -71,7 +72,7 @@ const makeSpawnArgs = options => {
const shebang = isAbsolute(scriptShell)
? `#!${scriptShell}`
: `#!/usr/bin/env ${scriptShell}`
- scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.sh`)
+ scriptFile = resolve(tmpdir(), `${fileName}.sh`)
script += `${shebang}\n`
script += cmd
if (args.length) {
diff --git a/deps/npm/node_modules/@npmcli/run-script/package.json b/deps/npm/node_modules/@npmcli/run-script/package.json
index ef8b43f772d..1ce162dd8d1 100644
--- a/deps/npm/node_modules/@npmcli/run-script/package.json
+++ b/deps/npm/node_modules/@npmcli/run-script/package.json
@@ -1,6 +1,6 @@
{
"name": "@npmcli/run-script",
- "version": "4.1.3",
+ "version": "4.1.5",
"description": "Run a lifecycle script for a package (descendant of npm-lifecycle)",
"author": "GitHub Inc.",
"license": "ISC",
@@ -17,10 +17,6 @@
"posttest": "npm run lint",
"template-oss-apply": "template-oss-apply --force"
},
- "tap": {
- "check-coverage": true,
- "coverage-map": "map.js"
- },
"devDependencies": {
"@npmcli/eslint-config": "^3.0.1",
"@npmcli/template-oss": "3.5.0",
@@ -32,7 +28,8 @@
"@npmcli/node-gyp": "^2.0.0",
"@npmcli/promise-spawn": "^3.0.0",
"node-gyp": "^9.0.0",
- "read-package-json-fast": "^2.0.3"
+ "read-package-json-fast": "^2.0.3",
+ "which": "^2.0.2"
},
"files": [
"bin/",
diff --git a/deps/npm/node_modules/npm-packlist/lib/index.js b/deps/npm/node_modules/npm-packlist/lib/index.js
index e4a2e76c545..bd72329f027 100644
--- a/deps/npm/node_modules/npm-packlist/lib/index.js
+++ b/deps/npm/node_modules/npm-packlist/lib/index.js
@@ -34,10 +34,13 @@ const glob = require('glob')
const globify = pattern => pattern.split('\\').join('/')
const readOutOfTreeIgnoreFiles = (root, rel, result = '') => {
- for (const file of ['.gitignore', '.npmignore']) {
+ for (const file of ['.npmignore', '.gitignore']) {
try {
const ignoreContent = fs.readFileSync(path.join(root, file), { encoding: 'utf8' })
result += ignoreContent + '\n'
+ // break the loop immediately after concatting, this allows us to prioritize the
+ // .npmignore and discard the .gitignore if one exists
+ break
} catch (err) {
// we ignore ENOENT errors completely because we don't care if the file doesn't exist
// but we throw everything else because failing to read a file that does exist is
diff --git a/deps/npm/node_modules/npm-packlist/package.json b/deps/npm/node_modules/npm-packlist/package.json
index dfa0188b4c4..4c63caf21e8 100644
--- a/deps/npm/node_modules/npm-packlist/package.json
+++ b/deps/npm/node_modules/npm-packlist/package.json
@@ -1,6 +1,6 @@
{
"name": "npm-packlist",
- "version": "5.1.0",
+ "version": "5.1.1",
"description": "Get a list of the files to add from a folder into an npm package",
"directories": {
"test": "test"
diff --git a/deps/npm/package.json b/deps/npm/package.json
index a9d84ab62ce..95afa528fa1 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
{
- "version": "8.13.1",
+ "version": "8.13.2",
"name": "npm",
"description": "a package manager for JavaScript",
"workspaces": [
@@ -62,7 +62,7 @@
"@npmcli/fs": "^2.1.0",
"@npmcli/map-workspaces": "^2.0.3",
"@npmcli/package-json": "^2.0.0",
- "@npmcli/run-script": "^4.1.3",
+ "@npmcli/run-script": "^4.1.5",
"abbrev": "~1.1.1",
"archy": "~1.0.0",
"cacache": "^16.1.1",
diff --git a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs
index 13a3b06fe33..57dd6126660 100644
--- a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs
@@ -746,7 +746,7 @@ npm run-script [-- ]
Options:
[-w|--workspace [-w|--workspace ...]]
[-ws|--workspaces] [--include-workspace-root] [--if-present] [--ignore-scripts]
-[--script-shell ]
+[--foreground-scripts] [--script-shell ]
aliases: run, rum, urn
diff --git a/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs b/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs
index c59252f9e81..5ae34e86877 100644
--- a/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs
@@ -790,7 +790,7 @@ All commands:
Options:
[-w|--workspace [-w|--workspace ...]]
[-ws|--workspaces] [--include-workspace-root] [--if-present] [--ignore-scripts]
- [--script-shell ]
+ [--foreground-scripts] [--script-shell ]
aliases: run, rum, urn