From 0379eab698b78ae4aa89bbe2043607f420e52f11 Mon Sep 17 00:00:00 2001 From: Gar Date: Tue, 23 Mar 2021 15:48:52 -0700 Subject: [PATCH 1/6] fix(install): ignore auditLevel `npm install` should not be affected by the `auditLevel` config, as the results of audit do not change its exit status. PR-URL: https://github.com/npm/cli/pull/2929 Credit: @wraithgar Close: #2929 Reviewed-by: @ljharb, @ruyadorno --- lib/install.js | 12 ++++++------ test/lib/install.js | 6 ++++-- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/lib/install.js b/lib/install.js index 54ea6d8251051..d3f11983df918 100644 --- a/lib/install.js +++ b/lib/install.js @@ -126,15 +126,15 @@ class Install extends BaseCommand { if (this.npm.config.get('dev')) log.warn('install', 'Usage of the `--dev` option is deprecated. Use `--include=dev` instead.') - const arb = new Arborist({ + const opts = { ...this.npm.flatOptions, + auditLevel: null, path: where, - }) - - await arb.reify({ - ...this.npm.flatOptions, add: args, - }) + } + const arb = new Arborist(opts) + await arb.reify(opts) + if (!args.length && !isGlobalInstall && !ignoreScripts) { const scriptShell = this.npm.config.get('script-shell') || undefined const scripts = [ diff --git a/test/lib/install.js b/test/lib/install.js index b44452a69cc6f..619f0bb346984 100644 --- a/test/lib/install.js +++ b/test/lib/install.js @@ -32,7 +32,7 @@ test('should install using Arborist', (t) => { const npm = mockNpm({ config: { dev: true }, - flatOptions: { global: false }, + flatOptions: { global: false, auditLevel: 'low' }, globalDir: 'path/to/node_modules/', prefix: 'foo', }) 
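Review bot: The `auditLevel: null` override in the new `opts` literal in lib/install.js has no comment saying why a user-configured value is discarded, so a later cleanup could drop it as dead code. I would add `// install never changes its exit status on audit results, so the configured audit-level must not reach Arborist` above that key. The practical consequence is worth stating in the docs too: a pipeline that sets `audit-level` and expects `npm install` to fail on vulnerable dependencies gets no gate from it and needs a separate `npm audit` step. The enclosing method starts and ends outside the hunk.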
@@ -42,7 +42,9 @@ test('should install using Arborist', (t) => { install.exec(['fizzbuzz'], er => { if (er) throw er - t.match(ARB_ARGS, { global: false, path: 'foo' }) + t.match(ARB_ARGS, + { global: false, path: 'foo', auditLevel: null }, + 'Arborist gets correct args and ignores auditLevel') t.equal(REIFY_CALLED, true, 'called reify') t.strictSame(SCRIPTS, [], 'no scripts when adding dep') t.end() From 98efadeb4b2ae9289f14ed6f42a169230faf7239 Mon Sep 17 00:00:00 2001 From: Gar Date: Tue, 23 Mar 2021 10:28:37 -0700 Subject: [PATCH 2/6] fix(audit-level): add `info` audit level This is a valid level but wasn't configured to be allowed. Also added this param to the usage output for `npm audit` PR-URL: https://github.com/npm/cli/pull/2923 Credit: @wraithgar Close: #2923 Reviewed-by: @ruyadorno --- lib/audit.js | 1 + lib/utils/config/definitions.js | 2 +- tap-snapshots/test-lib-utils-config-describe-all.js-TAP.test.js | 2 +- tap-snapshots/test-lib-utils-npm-usage.js-TAP.test.js | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/audit.js b/lib/audit.js index f990e1fa5efaa..9df2698589278 100644 --- a/lib/audit.js +++ b/lib/audit.js @@ -18,6 +18,7 @@ class Audit extends BaseCommand { /* istanbul ignore next - see test/lib/load-all-commands.js */ static get params () { return [ + 'audit-level', 'dry-run', 'force', 'json', diff --git a/lib/utils/config/definitions.js b/lib/utils/config/definitions.js index b8e021c5212bf..e8cdbec3e1d52 100644 --- a/lib/utils/config/definitions.js +++ b/lib/utils/config/definitions.js @@ -220,7 +220,7 @@ define('audit', { define('audit-level', { default: null, - type: ['low', 'moderate', 'high', 'critical', 'none', null], + type: ['info', 'low', 'moderate', 'high', 'critical', 'none', null], description: ` The minimum level of vulnerability for \`npm audit\` to exit with a non-zero exit code. 
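Review bot: The updated `t.match(ARB_ARGS, …)` in test/lib/install.js checks only the constructor arguments, while the change under test hands the same `opts` object to `arb.reify` as well; `REIFY_CALLED` records that the call happened, not what it received. If the mock can capture reify's options (its definition is outside the hunk), asserting `auditLevel: null` and `add: ['fizzbuzz']` there would pin both halves of the fix. Note that `add` now also reaches the `Arborist` constructor, which the partial match does not cover either.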
diff --git a/tap-snapshots/test-lib-utils-config-describe-all.js-TAP.test.js b/tap-snapshots/test-lib-utils-config-describe-all.js-TAP.test.js index 8af8c1edd3e52..cfb34dfadb697 100644 --- a/tap-snapshots/test-lib-utils-config-describe-all.js-TAP.test.js +++ b/tap-snapshots/test-lib-utils-config-describe-all.js-TAP.test.js @@ -64,7 +64,7 @@ registry and all registries configured for scopes. See the documentation for #### \`audit-level\` * Default: null -* Type: "low", "moderate", "high", "critical", "none", or null +* Type: "info", "low", "moderate", "high", "critical", "none", or null The minimum level of vulnerability for \`npm audit\` to exit with a non-zero exit code. diff --git a/tap-snapshots/test-lib-utils-npm-usage.js-TAP.test.js b/tap-snapshots/test-lib-utils-npm-usage.js-TAP.test.js index 260e2ab8f8d50..5a860bd2ee554 100644 --- a/tap-snapshots/test-lib-utils-npm-usage.js-TAP.test.js +++ b/tap-snapshots/test-lib-utils-npm-usage.js-TAP.test.js @@ -204,7 +204,7 @@ All commands: npm audit [fix] Options: - [--dry-run] [-f|--force] [--json] [--package-lock-only] [--production] + [--audit-level ] [--dry-run] [-f|--force] [--json] [--package-lock-only] [--production] Run "npm help audit" for more info From e8d2adcf40ad63030f844c9aa44c6d16e2146797 Mon Sep 17 00:00:00 2001 From: nlf Date: Wed, 24 Mar 2021 10:47:47 -0700 Subject: [PATCH 3/6] fix: config should not error when workspaces are configured PR-URL: https://github.com/npm/cli/pull/2945 Credit: @nlf Close: #2945 Reviewed-by: @wraithgar --- lib/config.js | 4 ++++ test/lib/config.js | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/lib/config.js b/lib/config.js index d5ef6ec50a5e6..6bfde9845ce33 100644 --- a/lib/config.js +++ b/lib/config.js @@ -88,6 +88,10 @@ class Config extends BaseCommand { this.config(args).then(() => cb()).catch(cb) } + execWorkspaces (args, filters, cb) { + this.exec(args, cb) + } + async config ([action, ...args]) { this.npm.log.disableProgress() try { 
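Review bot: `execWorkspaces` in lib/config.js accepts `filters` and silently discards it, and nothing in the code says that this is deliberate. A one-line comment such as `// config is not workspace-specific: ignore filters and behave exactly like exec` above `this.exec(args, cb)` would keep the unused parameter from reading as an oversight. The rationale is inferred from the commit subject, so the wording should be adjusted to the actual intent.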
diff --git a/test/lib/config.js b/test/lib/config.js index 14cd816171da5..98ece0f4f05c7 100644 --- a/test/lib/config.js +++ b/test/lib/config.js @@ -93,6 +93,13 @@ t.test('config no args', t => { }) }) +t.test('config ignores workspaces', t => { + config.execWorkspaces([], [], (err) => { + t.match(err, /usage instructions/, 'should not error out when workspaces are defined') + t.end() + }) +}) + t.test('config list', t => { t.plan(2) From aba2bc623ea99e563b1b15b81dbb4ba94f86fe4c Mon Sep 17 00:00:00 2001 From: Gar Date: Wed, 24 Mar 2021 10:42:28 -0700 Subject: [PATCH 4/6] fix(progress): re-add progress bar to reify The logger was no longer in flatOptions, we pass it in explicitly now PR-URL: https://github.com/npm/cli/pull/2944 Credit: @wraithgar Close: #2944 Reviewed-by: @nlf --- lib/ci.js | 11 ++++++++--- lib/dedupe.js | 1 + lib/exec.js | 12 ++++++++++-- lib/install.js | 1 + lib/link.js | 9 ++++++++- lib/prune.js | 8 +++++--- lib/uninstall.js | 11 +++++++---- lib/update.js | 1 + test/lib/update.js | 7 ++++--- 9 files changed, 45 insertions(+), 16 deletions(-) diff --git a/lib/ci.js b/lib/ci.js index b73b3a8591114..9ae31950ef102 100644 --- a/lib/ci.js +++ b/lib/ci.js @@ -42,8 +42,14 @@ class CI extends BaseCommand { } const where = this.npm.prefix - const arb = new Arborist({ ...this.npm.flatOptions, path: where }) + const opts = { + ...this.npm.flatOptions, + path: where, + log: this.npm.log, + save: false, // npm ci should never modify the lockfile or package.json + } + const arb = new Arborist(opts) await Promise.all([ arb.loadVirtual().catch(er => { log.verbose('loadVirtual', er.stack) @@ -55,8 +61,7 @@ class CI extends BaseCommand { }), removeNodeModules(where), ]) - // npm ci should never modify the lockfile or package.json - await arb.reify({ ...this.npm.flatOptions, save: false }) + await arb.reify(opts) const ignoreScripts = this.npm.config.get('ignore-scripts') // run the same set of scripts that `npm install` runs. 
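Review bot: The assertion message in the new `config ignores workspaces` test contradicts the check it labels: `t.match(err, /usage instructions/, …)` requires an error, yet the message reads 'should not error out when workspaces are defined'. The intent appears to be that the workspace path ends in the same usage error as a bare `npm config`, so a message like `'falls through to the normal usage error when workspaces are defined'` would describe what is asserted. The test also passes an empty `filters` array; a call with a non-empty one would exercise the situation the fix is about.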
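Review bot: `log: this.npm.log` is hand-copied into the Arborist options of every command touched here (lib/ci.js first, then dedupe, exec, install, link, prune, uninstall and update), so the next command that builds its own options can miss it again. In lib/exec.js and lib/link.js the constructor and `reify` literals are still written separately and need the key twice, and in lib/update.js only the constructor literal is visible in the hunk, so whether `reify` receives the logger there should be confirmed. Building a single `opts` object per command, as the ci, install, prune and uninstall hunks already do, or a small shared helper that returns `{ ...this.npm.flatOptions, log: this.npm.log }`, would remove the repetition. Only lib/update.js has a test change in this commit; the other commands' new `log` option is not asserted anywhere visible.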
diff --git a/lib/dedupe.js b/lib/dedupe.js index b80a777fcc2f7..9649025739c60 100644 --- a/lib/dedupe.js +++ b/lib/dedupe.js @@ -30,6 +30,7 @@ class Dedupe extends BaseCommand { const where = this.npm.prefix const opts = { ...this.npm.flatOptions, + log: this.npm.log, path: where, dryRun, } diff --git a/lib/exec.js b/lib/exec.js index 0a61de7c1200c..5967ee4234592 100644 --- a/lib/exec.js +++ b/lib/exec.js @@ -175,7 +175,11 @@ class Exec extends BaseCommand { if (needInstall) { const installDir = this.cacheInstallDir(packages) await mkdirp(installDir) - const arb = new Arborist({ ...this.npm.flatOptions, path: installDir }) + const arb = new Arborist({ + ...this.npm.flatOptions, + log: this.npm.log, + path: installDir, + }) const tree = await arb.loadActual() // at this point, we have to ensure that we get the exact same @@ -212,7 +216,11 @@ class Exec extends BaseCommand { throw new Error('canceled') } } - await arb.reify({ ...this.npm.flatOptions, add }) + await arb.reify({ + ...this.npm.flatOptions, + log: this.npm.log, + add, + }) } pathArr.unshift(resolve(installDir, 'node_modules/.bin')) } diff --git a/lib/install.js b/lib/install.js index d3f11983df918..a023015ed823a 100644 --- a/lib/install.js +++ b/lib/install.js @@ -128,6 +128,7 @@ class Install extends BaseCommand { const opts = { ...this.npm.flatOptions, + log: this.npm.log, auditLevel: null, path: where, add: args, diff --git a/lib/link.js b/lib/link.js index fe9cfd3a6b254..3e9ec1807fca1 100644 --- a/lib/link.js +++ b/lib/link.js @@ -66,6 +66,7 @@ class Link extends BaseCommand { const globalOpts = { ...this.npm.flatOptions, path: globalTop, + log: this.npm.log, global: true, prune: false, } 
@@ -113,12 +114,14 @@ class Link extends BaseCommand { // reify all the pending names as symlinks there const localArb = new Arborist({ ...this.npm.flatOptions, + log: this.npm.log, path: this.npm.prefix, save, }) await localArb.reify({ ...this.npm.flatOptions, path: this.npm.prefix, + log: this.npm.log, add: names.map(l => `file:${resolve(globalTop, 'node_modules', l)}`), save, }) @@ -131,9 +134,13 @@ class Link extends BaseCommand { const arb = new Arborist({ ...this.npm.flatOptions, path: globalTop, + log: this.npm.log, global: true, }) - await arb.reify({ add: [`file:${this.npm.prefix}`] }) + await arb.reify({ + add: [`file:${this.npm.prefix}`], + log: this.npm.log, + }) await reifyFinish(this.npm, arb) } diff --git a/lib/prune.js b/lib/prune.js index 1da86a3e82187..5c4a549d4d7ad 100644 --- a/lib/prune.js +++ b/lib/prune.js @@ -30,11 +30,13 @@ class Prune extends BaseCommand { async prune () { const where = this.npm.prefix - const arb = new Arborist({ + const opts = { ...this.npm.flatOptions, path: where, - }) - await arb.prune(this.npm.flatOptions) + log: this.npm.log, + } + const arb = new Arborist(opts) + await arb.prune(opts) await reifyFinish(this.npm, arb) } } diff --git a/lib/uninstall.js b/lib/uninstall.js index dfdd8ebd5a1db..79a4420d89f39 100644 --- a/lib/uninstall.js +++ b/lib/uninstall.js @@ -61,12 +61,15 @@ class Uninstall extends BaseCommand { } } - const arb = new Arborist({ ...this.npm.flatOptions, path }) - - await arb.reify({ + const opts = { ...this.npm.flatOptions, + path, + log: this.npm.log, rm: args, - }) + + } + const arb = new Arborist(opts) + await arb.reify(opts) await reifyFinish(this.npm, arb) } } diff --git a/lib/update.js b/lib/update.js index 6a87dd9ecddcf..f8cb12d267d8a 100644 --- a/lib/update.js +++ b/lib/update.js @@ -51,6 +51,7 @@ class Update extends BaseCommand { const arb = new Arborist({ ...this.npm.flatOptions, + log: this.npm.log, path: where, }) 
diff --git a/test/lib/update.js b/test/lib/update.js index 695218a7f69cd..780484afbeb03 100644 --- a/test/lib/update.js +++ b/test/lib/update.js @@ -10,6 +10,7 @@ const config = { const noop = () => null const npm = mockNpm({ globalDir: '', + log: noop, config, prefix: '', }) @@ -38,7 +39,7 @@ t.test('no args', t => { constructor (args) { t.deepEqual( args, - { ...npm.flatOptions, path: npm.prefix }, + { ...npm.flatOptions, path: npm.prefix, log: noop }, 'should call arborist contructor with expected args' ) } @@ -72,7 +73,7 @@ t.test('with args', t => { constructor (args) { t.deepEqual( args, - { ...npm.flatOptions, path: npm.prefix }, + { ...npm.flatOptions, path: npm.prefix, log: noop }, 'should call arborist contructor with expected args' ) } @@ -140,7 +141,7 @@ t.test('update --global', t => { const { path, ...opts } = args t.deepEqual( opts, - npm.flatOptions, + { ...npm.flatOptions, log: noop }, 'should call arborist contructor with expected options' ) From 877b4ed2925c97b5249a4d33575420dda64f7339 Mon Sep 17 00:00:00 2001 From: Gar Date: Wed, 24 Mar 2021 10:57:05 -0700 Subject: [PATCH 5/6] fix(flatOptions): re-add `_auth` This was not being added to flatOptions, and things like `npm-registry-fetch` are looking for it. PR-URL: https://github.com/npm/cli/pull/2946 Credit: @wraithgar Close: #2946 Reviewed-by: @nlf --- lib/utils/config/definitions.js | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/utils/config/definitions.js b/lib/utils/config/definitions.js index e8cdbec3e1d52..3b6d61583e252 100644 --- a/lib/utils/config/definitions.js +++ b/lib/utils/config/definitions.js @@ -143,6 +143,7 @@ define('_auth', { is safer to use a registry-provided authentication bearer token stored in the ~/.npmrc file by running \`npm login\`. `, + flatten, }) define('access', { From c76f04ac28ddf2ae4df4b3ce0aec684a118de1b5 Mon Sep 17 00:00:00 2001 
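Review bot: Adding `flatten` to `_auth` in lib/utils/config/definitions.js puts a basic-auth credential into `flatOptions`, and the commit ships neither a test nor a comment for it. The other commits in this series spread `this.npm.flatOptions` into the option objects handed to `Arborist`, so the secret now travels with every such object; it is worth confirming that no code path logs or serializes those options verbatim and that consumers send `_auth` only to the registry it was configured for. A short test asserting that `_auth` appears in the flattened options, plus a comment such as `// flattened because registry clients read it from options; treat the value as a secret` next to `flatten,`, would document the intent. The `define('_auth', …)` call starts outside the hunk.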
From: Yash Singh Date: Tue, 23 Mar 2021 11:59:38 -0700 Subject: [PATCH 6/6] fix(set-script): add completion PR-URL: https://github.com/npm/cli/pull/2925 Credit: @Yash-Singh1 Close: #2925 Reviewed-by: @ruyadorno --- lib/set-script.js | 11 +++++++++++ test/lib/set-script.js | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/lib/set-script.js b/lib/set-script.js index df101a0acb709..9d4aadad558fb 100644 --- a/lib/set-script.js +++ b/lib/set-script.js @@ -2,6 +2,7 @@ const log = require('npmlog') const fs = require('fs') const parseJSON = require('json-parse-even-better-errors') const rpj = require('read-package-json-fast') +const { resolve } = require('path') const BaseCommand = require('./base-command.js') class SetScript extends BaseCommand { @@ -20,6 +21,16 @@ class SetScript extends BaseCommand { return ['[