From cb9f43551f46bf27095cd7bd6c1885a441004cd2 Mon Sep 17 00:00:00 2001 From: Pelle Wessman Date: Fri, 15 Oct 2021 12:51:41 +0200 Subject: [PATCH 1/6] fix: allow `--lockfile-version` config to be string and coerce to number As all CLI input is considered to be string, eg. a "npm install --lockfile-version 3" would fail with the error messages: ``` npm WARN invalid config lockfile-version="3" set in command line options npm WARN invalid config Must be one of: null, 1, 2, 3 ``` Until we have a config system that supports setting type and possible values of configs, we have to specify all string and number values for the `lockfile-version`, but we coerce all values to numbers in the flattener. Co-authored-by: @voxpelli Co-authored-by: @isaacs PR-URL: https://github.com/npm/cli/pull/3949 Credit: @lukekarrys Close: #3949 Reviewed-by: @isaacs --- docs/content/using-npm/config.md | 2 +- lib/utils/config/definitions.js | 6 ++++-- .../test/lib/utils/config/definitions.js.test.cjs | 2 +- .../test/lib/utils/config/describe-all.js.test.cjs | 2 +- test/lib/utils/config/definitions.js | 9 +++++++++ 5 files changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/content/using-npm/config.md b/docs/content/using-npm/config.md index ddabe01d7d8d4..a5017e61db914 100644 --- a/docs/content/using-npm/config.md +++ b/docs/content/using-npm/config.md @@ -987,7 +987,7 @@ When passed to `npm config` this refers to which config file to use. * Default: Version 2 if no lockfile or current lockfile version less than or equal to 2, otherwise maintain current lockfile version -* Type: null, 1, 2, or 3 +* Type: null, 1, 2, 3, "1", "2", or "3" Set the lockfile format version to be used in package-lock.json and npm-shrinkwrap-json files. Possible options are: diff --git a/lib/utils/config/definitions.js b/lib/utils/config/definitions.js index c9806b3c2890f..a725ee0fa1d6f 100644 --- a/lib/utils/config/definitions.js +++ b/lib/utils/config/definitions.js @@ -1157,7 +1157,7 @@ define('location', { define('lockfile-version', { default: null, - type: [null, 1, 2, 3], + type: [null, 1, 2, 3, '1', '2', '3'], defaultDescription: ` Version 2 if no lockfile or current lockfile version less than or equal to 2, otherwise maintain current lockfile version @@ -1179,7 +1179,9 @@ define('lockfile-version', { on disk than lockfile version 2, but not interoperable with older npm versions. Ideal if all users are on npm version 7 and higher. `, - flatten, + flatten: (key, obj, flatOptions) => { + flatOptions.lockfileVersion = obj[key] && parseInt(obj[key], 10) + }, }) define('loglevel', { diff --git a/tap-snapshots/test/lib/utils/config/definitions.js.test.cjs b/tap-snapshots/test/lib/utils/config/definitions.js.test.cjs index aaf59e6a2be34..8c85225f2f998 100644 --- a/tap-snapshots/test/lib/utils/config/definitions.js.test.cjs +++ b/tap-snapshots/test/lib/utils/config/definitions.js.test.cjs @@ -1061,7 +1061,7 @@ exports[`test/lib/utils/config/definitions.js TAP > config description for lockf * Default: Version 2 if no lockfile or current lockfile version less than or equal to 2, otherwise maintain current lockfile version -* Type: null, 1, 2, or 3 +* Type: null, 1, 2, 3, "1", "2", or "3" Set the lockfile format version to be used in package-lock.json and npm-shrinkwrap-json files. Possible options are: diff --git a/tap-snapshots/test/lib/utils/config/describe-all.js.test.cjs b/tap-snapshots/test/lib/utils/config/describe-all.js.test.cjs index dc55893d00bf9..1ebb336092e39 100644 --- a/tap-snapshots/test/lib/utils/config/describe-all.js.test.cjs +++ b/tap-snapshots/test/lib/utils/config/describe-all.js.test.cjs @@ -861,7 +861,7 @@ When passed to \`npm config\` this refers to which config file to use. * Default: Version 2 if no lockfile or current lockfile version less than or equal to 2, otherwise maintain current lockfile version -* Type: null, 1, 2, or 3 +* Type: null, 1, 2, 3, "1", "2", or "3" Set the lockfile format version to be used in package-lock.json and npm-shrinkwrap-json files. Possible options are: diff --git a/test/lib/utils/config/definitions.js b/test/lib/utils/config/definitions.js index 622e603bc75c6..15b43715f45bd 100644 --- a/test/lib/utils/config/definitions.js +++ b/test/lib/utils/config/definitions.js @@ -892,3 +892,12 @@ t.test('workspaces derived', t => { t.equal(flat.workspacesEnabled, false) t.end() }) + +t.test('lockfile version', t => { + const flat = {} + definitions['lockfile-version'].flatten('lockfile-version', { + 'lockfile-version': '3', + }, flat) + t.match(flat.lockfileVersion, 3, 'flattens to a number') + t.end() +}) From 070901d7a6e3110a04ef41d8fcf14ffbfcce1496 Mon Sep 17 00:00:00 2001 From: Gar Date: Tue, 26 Oct 2021 12:46:58 -0700 Subject: [PATCH 2/6] fix(publish): clean args before logging PR-URL: https://github.com/npm/cli/pull/3943 Credit: @wraithgar Close: #3943 Reviewed-by: @lukekarrys --- lib/publish.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/publish.js b/lib/publish.js index 32e70129f2c03..5e064a34bc041 100644 --- a/lib/publish.js +++ b/lib/publish.js @@ -8,6 +8,7 @@ const pacote = require('pacote') const npa = require('npm-package-arg') const npmFetch = require('npm-registry-fetch') const chalk = require('chalk') +const replaceInfo = require('./utils/replace-info.js') const otplease = require('./utils/otplease.js') const { getContents, logTar } = require('./utils/tar.js') @@ -68,7 +69,7 @@ class Publish extends BaseCommand { if (args.length !== 1) throw this.usageError() - log.verbose('publish', args) + log.verbose('publish', replaceInfo(args)) const unicode = this.npm.config.get('unicode') const dryRun = this.npm.config.get('dry-run') From 8af94726b098031c7c0cae7ed50cc4e2e3499181 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 27 Oct 2021 23:12:56 -0700 Subject: [PATCH 3/6] deps: arborist@4.0.3 PR-URL: https://github.com/npm/cli/pull/3953 Credit: @lukekarrys Close: #3953 Reviewed-by: @nlf --- .../@npmcli/arborist/lib/shrinkwrap.js | 35 ++++++++++++------- node_modules/@npmcli/arborist/package.json | 11 +++--- package-lock.json | 14 ++++---- package.json | 2 +- 4 files changed, 36 insertions(+), 26 deletions(-) diff --git a/node_modules/@npmcli/arborist/lib/shrinkwrap.js b/node_modules/@npmcli/arborist/lib/shrinkwrap.js index 93e1cb1a45ca2..e7dd435ca34fe 100644 --- a/node_modules/@npmcli/arborist/lib/shrinkwrap.js +++ b/node_modules/@npmcli/arborist/lib/shrinkwrap.js @@ -238,21 +238,31 @@ class Shrinkwrap { return swKeyOrder } - static reset (options) { + static async reset (options) { // still need to know if it was loaded from the disk, but don't // bother reading it if we're gonna just throw it away. const s = new Shrinkwrap(options) s.reset() - return s[_maybeStat]().then(([sw, lock]) => { - s.filename = resolve(s.path, - (s.hiddenLockfile ? 'node_modules/.package-lock' - : s.shrinkwrapOnly || sw ? 'npm-shrinkwrap' - : 'package-lock') + '.json') - s.loadedFromDisk = !!(sw || lock) - s.type = basename(s.filename) - return s - }) + const [sw, lock] = await s[_maybeStat]() + + s.filename = resolve(s.path, + (s.hiddenLockfile ? 'node_modules/.package-lock' + : s.shrinkwrapOnly || sw ? 'npm-shrinkwrap' + : 'package-lock') + '.json') + s.loadedFromDisk = !!(sw || lock) + s.type = basename(s.filename) + + try { + if (s.loadedFromDisk && !s.lockfileVersion) { + const json = parseJSON(await maybeReadFile(s.filename)) + if (json.lockfileVersion > defaultLockfileVersion) { + s.lockfileVersion = json.lockfileVersion + } + } + } catch (e) {} + + return s } static metaFromNode (node, path) { @@ -380,9 +390,10 @@ class Shrinkwrap { reset () { this.tree = null this[_awaitingUpdate] = new Map() - this.originalLockfileVersion = this.lockfileVersion + const lockfileVersion = this.lockfileVersion || defaultLockfileVersion + this.originalLockfileVersion = lockfileVersion this.data = { - lockfileVersion: this.lockfileVersion || defaultLockfileVersion, + lockfileVersion, requires: true, packages: {}, dependencies: {}, diff --git a/node_modules/@npmcli/arborist/package.json b/node_modules/@npmcli/arborist/package.json index 1954be5b3d7ca..cfa74a805b116 100644 --- a/node_modules/@npmcli/arborist/package.json +++ b/node_modules/@npmcli/arborist/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/arborist", - "version": "4.0.2", + "version": "4.0.3", "description": "Manage node_modules trees", "dependencies": { "@isaacs/string-locale-compare": "^1.0.1", @@ -45,11 +45,10 @@ "tcompare": "^5.0.6" }, "scripts": { - "test": "npm run test-only --", - "test-only": "tap", - "posttest": "npm run lint --", + "test": "tap", + "posttest": "npm run lint", "snap": "tap", - "postsnap": "npm run lintfix --", + "postsnap": "npm run lintfix", "test-proxy": "ARBORIST_TEST_PROXY=1 tap --snapshot", "preversion": "npm test", "postversion": "npm publish", @@ -88,7 +87,7 @@ "--no-warnings", "--no-deprecation" ], - "timeout": "240" + "timeout": "360" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" diff --git a/package-lock.json b/package-lock.json index 3fe8a086c70db..5f45cca04730d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -86,7 +86,7 @@ ], "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/arborist": "^4.0.2", + "@npmcli/arborist": "^4.0.3", "@npmcli/ci-detect": "^1.4.0", "@npmcli/config": "^2.3.0", "@npmcli/map-workspaces": "^2.0.0", @@ -772,9 +772,9 @@ } }, "node_modules/@npmcli/arborist": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.2.tgz", - "integrity": "sha512-tmuUNr66acGh8oOo6rKLNOaleeUDSymxTBQJFzDpRET8kG1nzLwIRMpV+CZkzmQ0tbCQ1NMyDvBeyu+kaJ+Dtw==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.3.tgz", + "integrity": "sha512-gFz/dNJtpv2bYXlupcUpEaWlFDRUNmvVnQNbE6dY4ild6beZ2SkG4R5/CM4GZZwj9HD2TyfGjO350Ja+xlLzuA==", "inBundle": true, "dependencies": { "@isaacs/string-locale-compare": "^1.0.1", @@ -11082,9 +11082,9 @@ "dev": true }, "@npmcli/arborist": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.2.tgz", - "integrity": "sha512-tmuUNr66acGh8oOo6rKLNOaleeUDSymxTBQJFzDpRET8kG1nzLwIRMpV+CZkzmQ0tbCQ1NMyDvBeyu+kaJ+Dtw==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.3.tgz", + "integrity": "sha512-gFz/dNJtpv2bYXlupcUpEaWlFDRUNmvVnQNbE6dY4ild6beZ2SkG4R5/CM4GZZwj9HD2TyfGjO350Ja+xlLzuA==", "requires": { "@isaacs/string-locale-compare": "^1.0.1", "@npmcli/installed-package-contents": "^1.0.7", diff --git a/package.json b/package.json index b92ca93f613c5..7856494e717b1 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ }, "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/arborist": "^4.0.2", + "@npmcli/arborist": "^4.0.3", "@npmcli/ci-detect": "^1.4.0", "@npmcli/config": "^2.3.0", "@npmcli/map-workspaces": "^2.0.0", From ee10604a4d1831444242e008671affc5b1f2e112 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 28 Oct 2021 12:15:56 -0700 Subject: [PATCH 4/6] docs: changelog for v8.1.2 --- CHANGELOG.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 502b683eee2e6..11a14fcf89c34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,27 @@ +## v8.1.2 (2021-10-28) + +### BUG FIXES + +* [`cb9f43551`](https://github.com/npm/cli/commit/cb9f43551f46bf27095cd7bd6c1885a441004cd2) + [#3949](https://github.com/npm/cli/issues/3949) + allow `--lockfile-version` config to be string and coerce to number ([@lukekarrys](https://github.com/lukekarrys)) +* [`070901d7a`](https://github.com/npm/cli/commit/070901d7a6e3110a04ef41d8fcf14ffbfcce1496) + [#3943](https://github.com/npm/cli/issues/3943) + fix(publish): clean args before logging + ([@wraithgar](https://github.com/wraithgar)) + +### DEPENDENCIES + +* [`8af94726b`](https://github.com/npm/cli/commit/8af94726b098031c7c0cae7ed50cc4e2e3499181) + [#3953](https://github.com/npm/cli/issues/3953) + `arborist@4.0.3` + * [`38cee94`](https://github.com/npm/arborist/commit/38cee94afa53d578830cc282348a803a8a6eefad) + [#340](https://github.com/npm/arborist/pull/340) + fix: set lockfileVersion from file during reset + * [`d310bd3`](https://github.com/npm/arborist/commit/d310bd3290c3a81e8285ceeb6eda9c9b5aa867d7) + [#339](https://github.com/npm/arborist/pull/339) + fix: always set originalLockfileVersion when doing shrinkwrap reset + ## v8.1.1 (2021-10-21) ### DEPENDENCIES From f09c21dbba1b5e7f7899ff75412a25cc7daadfb7 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 28 Oct 2021 12:16:17 -0700 Subject: [PATCH 5/6] update AUTHORS --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index 68aa4bbe465a2..6766b64f793c2 100644 --- a/AUTHORS +++ b/AUTHORS @@ -805,3 +805,4 @@ Edward Thomson Behnam Mohammadi gfyoung Luke Karrys +Pelle Wessman From 2c6421576e8d4bb80718993047fad95c198cfb35 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 28 Oct 2021 12:16:17 -0700 Subject: [PATCH 6/6] 8.1.2 --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5f45cca04730d..57f700f1fa873 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "npm", - "version": "8.1.1", + "version": "8.1.2", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "npm", - "version": "8.1.1", + "version": "8.1.2", "bundleDependencies": [ "@isaacs/string-locale-compare", "@npmcli/arborist", diff --git a/package.json b/package.json index 7856494e717b1..cb8b46e8a480f 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "version": "8.1.1", + "version": "8.1.2", "name": "npm", "description": "a package manager for JavaScript", "workspaces": [