Age | Commit message (Collapse) | Author |
|
|
|
|
|
@npmcli/git@4.0.3, pacote@15.0.5, which@3.0.0
|
|
|
|
The readme already points to the canonical url (https://www.npmjs.com/install.sh)
which is sourced from https://github.com/npm/npm-install-script so this
file does not need to live in this repo anymore.
|
|
Previously it would report the errors and require rerunning the script.
It's been safe enough that we know automatically remove the files. We
then run the `git ls-files` command again to make sure they were all
removed. Only if any are left do we error with a message requiring a
manual fix.
|
|
|
|
|
|
|
|
This moves all the dependencies of the `docs/` workspace to dev deps. I
had originally moved them out of devDeps as part of #5309, but this
seems to go against the grain of other tooling. We would have to special
case both `audit` and `licensee` to run on a custom subset of our
dependency tree.
Maybe one day when all tools can be piped the output of an `npm query`
this will be possible. It would be nice if we could only audit
dependencies that are bundled as part of the CLI.
But for now it's easier to move these to devDeps and then reinstall only
the docs workspace after pruning during the publish step.
|
|
|
|
We will be updating to mdx@2 soon which is esm only, but built in to
Gatsby. Due to the new documentation build process here and in
`npm/documentation`, there is much less need for us to verify all our
docs here. Therefore, it is best to remove this dependency now to avoid
needing to update it here at the same time as the docs site.
|
|
|
|
Goals of this rewrite:
- Better portability of scripts to anywhere we can run `node` and no
reliance on `make` or other tools
- More code inside `scripts/` and less inside of CI workflows to allow
for easier local testing
- Reuse the same scripts for similar workflows (eg `publish` and
`smoke-publish`)
Future goals:
- Allow testing of `scripts`
Some highlights of the new scripts:
`scripts/create-node-pr.js`
- This now operates on cloned copy of the base repo that is pushed to
our fork, so we no longer need to manually sync our fork.
- Uses the published registry tarball for as much of the PR as possible,
falling back to including local files from source. This will enable
for easier migration to eventually only using the tarball contents.
`scripts/publish.js`
- Replaces `make publish`
- Will publish all workspaces that need to be published, before
publishing the CLI.
- Makes running tests an optional part of the script, since CI now runs
the tests.
- Can optionally only pack the tarball, for use in CI to test installing
the tarball.
`scripts/util.js`
- Shared utilities for spawning commands including helpers for `npm` and
`gh`.
- Common interface for running, parsing args, logging, and debugging
of scripts.
|
|
Previously this was using `new URL` which would fail on some urls that
`hosted-git-info` is able to parse. But if we still get a url that can't
be parsed, we now set it to be removed from the tree instead of
erroring.
Fixes: #5278
|
|
fixed some typos
|
|
|
|
|
|
|
|
|
|
|
|
Co-authored-by: shalvah <diakon.ng@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
Co-authored-by: Luke Karrys <luke@lukekarrys.com>
|
|
This also adds a new output method `outputBuffer()` which will buffer
all output until it is flushed in the exit handler. This allows the exit
handler to catch any errors and append them to the output when in json
mode. This was necessary to not introduce a regression in the case of
npm/cli#2150.
BREAKING CHANGE: `npm` now outputs some json errors on stdout.
Previously `npm` would output all json formatted errors on stderr,
making it difficult to parse as the stderr stream usually has logs
already written to it. In the future, `npm` will differentiate between
errors and crashes. Errors, such as `E404` and `ERESOLVE`, will be
handled and will continue to be output on stdout. In the case of a
crash, `npm` will log the error as usual but will not attempt to display
it as json, even in `--json` mode. Moving a case from the category of an
error to a crash will not be considered a breaking change. For more
information see npm/rfcs#482.
Closes #2740
Closes https://github.com/npm/statusboard/issues/589
|
|
BREAKING CHANGE: `npm config set` will no longer accept deprecated or
invalid config options.
|
|
* fix: duplicate hook names
* fix: incorrect names in mocks
|
|
Previously, `npmlog` was attempting to enable the progress bar even when
logs were paused. This displayed the most recent log (most often an
error) for the rest of the process.
Fixes #4527
|
|
BREAKING CHANGE: `timing` and `loglevel` changes
- `timing` has been removed as a value for `--loglevel`
- `--timing` will show timing information regardless of
`--loglevel`, except when `--silent`
Closes https://github.com/npm/statusboard/issues/455
Closes https://github.com/npm/statusboard/issues/454
|
|
I manually installed `@npmcli/fs` and `minipass-fetch` to the root of
our the dependency tree so that the deduped version would now live at
the root of `node_modules/` and any conflicting versions would be deduped
inside of its nested parent `node_modules/` directory. Once this was
locked in `package-lock.json` removing them from the `package.json` does
not undo the hoisting and deduping.
This has no effect on the resolved versions bundled with `npm` but it
does make it easier to visually scan the output of `query` commands to
be sure we are not inadvertently deduping dependencies in the future.
|
|
auth docs
|
|
|
|
|
|
|
|
`npm`, `npm@`, and `npm@*` are all now the same spec
|
|
--global-style, --legacy-bundling (#5709)
BREAKING CHANGE: deprecate boolean install flags in favor of `--install-strategy`
* deprecate --global-style, --global now sets --install-strategy=shallow
* deprecate --legacy-bundling, now sets --install-strategy=nested
|
|
closes npm/statusboard#540
BREAKING CHANGE: npm will no longer attempt to modify ownership of files it creates
|
|
- @npmcli/config@6.0.1
- @npmcli/disparity-colors@3.0.0
- @npmcli/git@4.0.1
- @npmcli/installed-package-contents@2.0.0
- @npmcli/map-workspaces@3.0.0
- @npmcli/metavuln-calculator@5.0.0
- @npmcli/move-file@3.0.0
- @npmcli/node-gyp@3.0.0
- @npmcli/package-json@3.0.0
- @npmcli/promise-spawn@4.0.0
- @npmcli/query@3.0.0
- @npmcli/run-script@5.0.0
- bin-links@4.0.1
- cacache@17.0.1
- ignore-walk@6.0.0
- init-package-json@4.0.1
- json-parse-even-better-errors@3.0.0
- make-fetch-happen@11.0.1
- normalize-package-data@5.0.0
- npm-audit-report@4.0.0
- npm-install-checks@6.0.0
- npm-packlist@7.0.1
- npm-pick-manifest@8.0.1
- npm-profile@7.0.1
- npm-registry-fetch@14.0.2
- npmlog@7.0.0
- pacote@15.0.1
- parse-conflict-json@3.0.0
- proc-log@3.0.0
- read-package-json-fast@3.0.1
- read-package-json@6.0.0
- ssri@10.0.0
- treeverse@3.0.0
- validate-npm-package-name@5.0.0
- write-file-atomic@5.0.0
Removed dependencies:
- `@npmcli/fs`
|
|
@npmcli/eslint-config@4.0.0
|
|
BREAKING CHANGE: this package no longer attempts to change file ownership automatically
|
|
BREAKING CHANGE: this package no longer attempts to change file ownership automatically
|
|
|
|
After #5309 moved docs dependencies to proudction deps, we started
failing our daily audit CI check. Currently these deps are production
so they are available when we run `pack`, but they don't need to be
audited since they are never present in our published tarball.
This change runs `audit` on the root CLI and all workspaces within the
`workspaces/` directory, which are the only production workspaces.
|
|
|
|
BREAKING CHANGE: the presence of auth related settings that are not scoped to a specific registry found in a config file is no longer supported and will throw errors
|
|
|