.release-please-manifest.json

@@ -1,14 +1,14 @@
 {
-  ".": "9.1.2",
-  "workspaces/arborist": "6.1.3",
+  ".": "9.1.3",
+  "workspaces/arborist": "6.1.4",
   "workspaces/libnpmaccess": "7.0.0",
-  "workspaces/libnpmdiff": "5.0.4",
-  "workspaces/libnpmexec": "5.0.4",
-  "workspaces/libnpmfund": "4.0.4",
+  "workspaces/libnpmdiff": "5.0.5",
+  "workspaces/libnpmexec": "5.0.5",
+  "workspaces/libnpmfund": "4.0.5",
   "workspaces/libnpmhook": "9.0.0",
   "workspaces/libnpmorg": "5.0.0",
-  "workspaces/libnpmpack": "5.0.4",
-  "workspaces/libnpmpublish": "7.0.4",
+  "workspaces/libnpmpack": "5.0.5",
+  "workspaces/libnpmpublish": "7.0.5",
   "workspaces/libnpmsearch": "6.0.0",
   "workspaces/libnpmteam": "5.0.0",
   "workspaces/libnpmversion": "4.0.1",

AUTHORS

@@ -864,3 +864,6 @@ shalvah <diakon.ng@gmail.com>
 Albert 理斯特 <shuaizhexu@gmail.com>
 Gennadiy Gashev <63790536+gennadiygashev@users.noreply.github.com>
 Andrew Dawes <andrewsdawes@gmail.com>
+sosoba <slawomir.osoba@coig.pl>
+Aron <aron@master.co>
+HenryNguyen5 <6404866+HenryNguyen5@users.noreply.github.com>

CHANGELOG.md

@@ -1,5 +1,28 @@
 # Changelog
 
+## [9.1.3](https://github.com/npm/cli/compare/v9.1.2...v9.1.3) (2022-11-30)
+
+### Bug Fixes
+
+* [`ffbdea2`](https://github.com/npm/cli/commit/ffbdea286a08eeaf40ab83eea5bfe0602dc6bbcd) [#5894](https://github.com/npm/cli/pull/5894) npm pack filename on scoped packages (#5894) (@HenryNguyen5)
+* [`c26d708`](https://github.com/npm/cli/commit/c26d708428a96da530092759b5ff6d67c7282348) [#5884](https://github.com/npm/cli/pull/5884) validate username at get-identity (#5884) (@sosoba, @nlf)
+
+### Documentation
+
+* [`ea948dc`](https://github.com/npm/cli/commit/ea948dceac5cfeef437c97874ab26c3275e75766) [#5881](https://github.com/npm/cli/pull/5881) update description of npm exec (#5881) (@styfle, @wraithgar)
+* [`40f2c21`](https://github.com/npm/cli/commit/40f2c213d75a252665311b4f8775d297390aeb70) [#5865](https://github.com/npm/cli/pull/5865) ci-info url (#5865) (@wraithgar)
+* [`681a45b`](https://github.com/npm/cli/commit/681a45bb48acd57aa64cb3241ea4915f5a12e029) [#5875](https://github.com/npm/cli/pull/5875) run the comand for directory workspaces (#5875) (@1aron)
+* [`681a45b`](https://github.com/npm/cli/commit/681a45bb48acd57aa64cb3241ea4915f5a12e029) [#5875](https://github.com/npm/cli/pull/5875) add workspace directory example (#5875) (@1aron)
+
+### Dependencies
+
+* [Workspace](https://github.com/npm/cli/compare/arborist-v6.1.3...arborist-v6.1.4): `@npmcli/arborist@6.1.4`
+* [Workspace](https://github.com/npm/cli/compare/libnpmdiff-v5.0.4...libnpmdiff-v5.0.5): `libnpmdiff@5.0.5`
+* [Workspace](https://github.com/npm/cli/compare/libnpmexec-v5.0.4...libnpmexec-v5.0.5): `libnpmexec@5.0.5`
+* [Workspace](https://github.com/npm/cli/compare/libnpmfund-v4.0.4...libnpmfund-v4.0.5): `libnpmfund@4.0.5`
+* [Workspace](https://github.com/npm/cli/compare/libnpmpack-v5.0.4...libnpmpack-v5.0.5): `libnpmpack@5.0.5`
+* [Workspace](https://github.com/npm/cli/compare/libnpmpublish-v7.0.4...libnpmpublish-v7.0.5): `libnpmpublish@7.0.5`
+
 ## [9.1.2](https://github.com/npm/cli/compare/v9.1.1...v9.1.2) (2022-11-16)
 
 ### Bug Fixes

DEPENDENCIES.md

@@ -33,6 +33,7 @@ graph LR;
   libnpmexec-->npm-package-arg;
   libnpmexec-->npmcli-arborist["@npmcli/arborist"];
   libnpmexec-->npmcli-eslint-config["@npmcli/eslint-config"];
+  libnpmexec-->npmcli-mock-registry["@npmcli/mock-registry"];
   libnpmexec-->npmcli-run-script["@npmcli/run-script"];
   libnpmexec-->npmcli-template-oss["@npmcli/template-oss"];
   libnpmexec-->npmlog;
@@ -352,11 +353,14 @@ graph LR;
   libnpmexec-->bin-links;
   libnpmexec-->chalk;
   libnpmexec-->ci-info;
+  libnpmexec-->just-extend;
+  libnpmexec-->just-safe-set;
   libnpmexec-->minify-registry-metadata;
   libnpmexec-->mkdirp;
   libnpmexec-->npm-package-arg;
   libnpmexec-->npmcli-arborist["@npmcli/arborist"];
   libnpmexec-->npmcli-eslint-config["@npmcli/eslint-config"];
+  libnpmexec-->npmcli-mock-registry["@npmcli/mock-registry"];
   libnpmexec-->npmcli-run-script["@npmcli/run-script"];
   libnpmexec-->npmcli-template-oss["@npmcli/template-oss"];
   libnpmexec-->npmlog;
@@ -772,8 +776,8 @@ Each group depends on packages lower down the chain, nothing depends on
 packages higher up the chain.
 
  - npm
- - @npmcli/smoke-tests, libnpmpublish
- - @npmcli/mock-registry, libnpmdiff, libnpmexec, libnpmfund, libnpmpack
+ - @npmcli/smoke-tests, libnpmexec, libnpmpublish
+ - @npmcli/mock-registry, libnpmdiff, libnpmfund, libnpmpack
  - @npmcli/arborist
  - @npmcli/metavuln-calculator
  - pacote, libnpmaccess, libnpmhook, libnpmorg, libnpmsearch, libnpmteam, npm-profile

docs/lib/content/commands/npm-exec.md

@@ -26,10 +26,11 @@ specified multiple times, to execute the supplied command in an environment
 where all specified packages are available.
 
 If any requested packages are not present in the local project
-dependencies, then they are installed to a folder in the npm cache, which
-is added to the `PATH` environment variable in the executed process.  A
-prompt is printed (which can be suppressed by providing either `--yes` or
-`--no`).
+dependencies, then a prompt is printed, which can be suppressed by
+providing either `--yes` or `--no`. When standard input is not a TTY or a
+CI environment is detected, `--yes` is assumed. The requested packages are
+installed to a folder in the npm cache, which is added to the `PATH`
+environment variable in the executed process.
 
 Package names provided without a specifier will be matched with whatever
 version exists in the local project.  Package names with a specifier will

docs/lib/content/using-npm/workspaces.md

@@ -176,6 +176,11 @@ command-line in order to target multiple workspaces, e.g:
 npm run test --workspace=a --workspace=b
 ```
 
+Or run the command for each workspace within the 'packages' folder:
+```
+npm run test --workspace=packages
+```
+
 It's also possible to use the `workspaces` (plural) configuration option to
 enable the same behavior but running that command in the context of **all**
 configured workspaces. e.g:

lib/utils/config/definitions.js

@@ -441,7 +441,7 @@ define('ci-name', {
   description: `
     The name of a continuous integration system.  If not set explicitly, npm
     will detect the current CI environment using the
-    [\`ci-info\`](http://npm.im/@npmcli/ci-info) module.
+    [\`ci-info\`](http://npm.im/ci-info) module.
   `,
   flatten,
 })

lib/utils/get-identity.js

@@ -12,7 +12,9 @@ module.exports = async (npm, opts) => {
   // No username, but we have other credentials; fetch the username from registry
   if (creds.token || creds.certfile && creds.keyfile) {
     const registryData = await npmFetch.json('/-/whoami', { ...opts })
-    return registryData.username
+    if (typeof registryData?.username === 'string') {
+      return registryData.username
+    }
   }
 
   // At this point, even if they have a credentials object, it doesn't have a

lib/utils/tar.js

@@ -120,7 +120,9 @@ const getContents = async (manifest, tarball) => {
     unpackedSize: totalEntrySize,
     shasum,
     integrity: ssri.parse(integrity.sha512[0]),
-    filename: `${manifest.name}-${manifest.version}.tgz`,
+    // @scope/packagename.tgz => scope-packagename.tgz
+    // we can safely use these global replace rules due to npm package naming rules
+    filename: `${manifest.name.replace('@', '').replace('/', '-')}-${manifest.version}.tgz`,
     files: uppers.concat(others),
     entryCount: totalEntries,
     bundled: Array.from(bundled),

mock-registry/lib/index.js

@@ -10,6 +10,7 @@ class MockRegistry {
   #authorization
   #basic
   #debug
+  #strict
 
   constructor (opts) {
     if (!opts.registry) {
@@ -19,20 +20,48 @@ class MockRegistry {
     this.#authorization = opts.authorization
     this.#basic = opts.basic
     this.#debug = opts.debug
+    this.#strict = opts.strict
     // Required for this.package
     this.#tap = opts.tap
+    if (this.#tap) {
+      this.startNock()
+    }
   }
 
-  static tnock (t, host, opts, { debug = false } = {}) {
-    if (debug) {
-      Nock.emitter.on('no match', req => console.error('NO MATCH', req.options))
+  static tnock (t, host, opts, { debug = false, strict = false } = {}) {
+    const noMatch = (req) => {
+      if (strict) {
+        // There are network requests that get caught regardless of error code.
+        // Turning on strict mode requires that those requests get explicitly
+        // mocked with a 404, 500, etc.
+        // XXX: this is opt-in currently because it breaks some existing CLI
+        // tests. We should work towards making this the default for all tests.
+        t.fail(`Unmatched request: ${JSON.stringify(req.options, null, 2)}`)
+      }
+      if (debug) {
+        console.error('NO MATCH', t.name, req.options)
+      }
     }
+
+    Nock.emitter.on('no match', noMatch)
     Nock.disableNetConnect()
     const server = Nock(host, opts)
+
+    if (strict) {
+      // this requires that mocks not be shared between sub tests but it helps
+      // find mistakes quicker instead of waiting for the entire test to end
+      t.afterEach((t) => {
+        t.strictSame(server.pendingMocks(), [], 'no pending mocks after each')
+        t.strictSame(server.activeMocks(), [], 'no active mocks after each')
+      })
+    }
+
     t.teardown(() => {
       Nock.enableNetConnect()
       server.done()
+      Nock.emitter.off('no match', noMatch)
     })
+
     return server
   }
 
@@ -41,31 +70,38 @@ class MockRegistry {
   }
 
   get nock () {
-    if (!this.#nock) {
-      if (!this.#tap) {
-        throw new Error('cannot mock packages without a tap fixture')
-      }
-      const reqheaders = {}
-      if (this.#authorization) {
-        reqheaders.authorization = `Bearer ${this.#authorization}`
-      }
-      if (this.#basic) {
-        reqheaders.authorization = `Basic ${this.#basic}`
-      }
-      this.#nock = MockRegistry.tnock(
-        this.#tap,
-        this.#registry,
-        { reqheaders },
-        { debug: this.#debug }
-      )
-    }
     return this.#nock
   }
 
   set nock (nock) {
     this.#nock = nock
   }
 
+  startNock () {
+    if (this.nock) {
+      return
+    }
+
+    if (!this.#tap) {
+      throw new Error('cannot mock packages without a tap fixture')
+    }
+
+    const reqheaders = {}
+    if (this.#authorization) {
+      reqheaders.authorization = `Bearer ${this.#authorization}`
+    }
+    if (this.#basic) {
+      reqheaders.authorization = `Basic ${this.#basic}`
+    }
+
+    this.nock = MockRegistry.tnock(
+      this.#tap,
+      this.#registry,
+      { reqheaders },
+      { debug: this.#debug, strict: this.#strict }
+    )
+  }
+
   search ({ responseCode = 200, results = [], error }) {
     // the flags, score, and searchScore parts of the response are never used
     // by npm, only package is used
@@ -296,13 +332,14 @@ class MockRegistry {
       manifest.users = users
     }
     for (const packument of packuments) {
+      const unscoped = name.includes('/') ? name.split('/')[1] : name
       manifest.versions[packument.version] = {
         _id: `${name}@${packument.version}`,
         name,
         description: 'test package mock manifest',
         dependencies: {},
         dist: {
-          tarball: `${this.#registry}/${name}/-/${name}-${packument.version}.tgz`,
+          tarball: `${this.#registry}/${name}/-/${unscoped}-${packument.version}.tgz`,
         },
         maintainers: [],
         ...packument,