| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Fix #1650
PR-URL: https://github.com/npm/cli/pull/1652
Credit: @isaacs
Close: #1652
Reviewed-by: @mylesborins
|
|
|
|
|
|
|
|
Updates the new package-lock.json format where version is repeated.
|
|
This adds support for `npm audit --production`, by having Arborist
respect the `omit` option when running audit reports.
|
|
Fix: #1641
|
|
|
|
|
|
|
|
PR-URL: https://github.com/npm/cli/pull/1638
Credit: @isaacs
Close: #1638
Reviewed-by: @ruyadorno
|
|
Pending unit tests still, but at least it works to a rough approximation
now, instead of not working at all.
|
|
|
|
PR-URL: https://github.com/npm/cli/pull/1632
Credit: @isaacs
Close: #1632
Reviewed-by: @ruyadorno
|
|
This drops our usage of the update-notifier module, in favor of checking
ourselves, using the modules and UX patterns that npm already has in
place.
- While on a prerelease version, updates are checked for every day,
instead of every week, and always checks for a new beta in the current
release family. Ie, ^7.0.0-beta.2 instead of latest.
- Latest version is suggested if newer than current.
- If current version is newer than latest, then we check again for an
update in the current version family. Ie, ^7.0.0 instead of latest,
if current is 7.0.0 and latest is 6.x.
- Output is printed using log.notice, at the end of all other log
output, so that it's both less visually disruptive, and less likely to
be missed among other warnings and notices.
This has the side effect of requiring that we set npm.flatOptions as
soon as config is loaded, rather than waiting for a command to be run.
Since the cli runs a command immediately after loading anyway, this is
not a relevant change for our purposes, but worth mentioning here.
|
|
The existence of 'install-test' and 'install-clean' make 'npm inst' no longer
de-reference to 'npm install'. Similarly, the existence of 'help-search'
prevents 'hel' from being a shorthand for 'help'.
This adds some artisanally hand-crafted abbreviations for these cases.
Fix: #1617
PR-URL: https://github.com/npm/cli/pull/1622
Credit: @isaacs
Close: #1622
Reviewed-by: @ruyadorno
|
|
|
|
|
|
|
|
This makes the project installable with npm v6
|
|
We really need to replace this with something lighter.
PR-URL: https://github.com/npm/cli/pull/1612
Credit: @isaacs
Close: #1612
Reviewed-by: @ruyadorno
|
|
This should probably be done in libnpmpack. Can be removed
from here when it is.
|
|
Also, pass the options to `libnpmpack`, or else we end up getting
invalid integrity values for remote tarballs for some reason.
This fixes CITGM with npm v7.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Refactored dist-tag tests into unit tests in test/lib
- Small tweaks and fixes to dist-tag found while writing tests
- Refactored lib/utils/read-local-package.js and its tests
- Tweaked usage in consuming lib/owner.js
PR-URL: https://github.com/npm/cli/pull/1611
Credit: @ruyadorno
Close: #1611
Reviewed-by: @isaacs
|
|
|
|
Fix #1595
|
|
Since npm v7 is imminent, it's a great opportunity to add the "exports"
field, which is otherwise very hard to make nonbreaking.
I used the verbose form for ".", because node v13.0 and v13.1 require
the string fallback, and if you ever want to add an ESM wrapper, this
will make it trivial to add the "import" key to the object form
correctly. I used the "default" key because some node versions will
produce an unfortunate experimental warning if you use the "node" or
"require" keys.
I also included package.json since a ton of tools rely on this
information being requireable.
PR-URL: https://github.com/npm/cli/pull/1413
Credit: @ljharb
Close: #1413
Reviewed-by: @isaacs
|
|
Related: #140
PR-URL: https://github.com/npm/cli/pull/163
Credit: @ybiquitous
Close: #163
Reviewd-By: @isaacs
|
|
Also, get Windows up to full coverage.
PR-URL: https://github.com/npm/cli/pull/1598
Credit: @isaacs
Close: #1598
Reviewed-by: @ruyadorno
|
|
Arrays of string literals are fine, and we're only using it in one place.
|
|
Still pending test coverage for most of these, but wanted to give them a
clean sweep to get the "load-all-commands" tests passing.
The following changes are in here:
- All commands now have a `completion()` method and a usage string that
uses the same `usage` util consistently.
- The `silent` argument to many commands has been removed.
- All commands use the `cmd = ${cmd}(args).then(() => cb()).catch(cb)`
pattern consistently.
Full test coverage for all commands is still lacking, and will have to
be done prior to the GA v7 release.
|
|
|
|
|
|
|
|
There's still a task pending to get it actually up to date with
non-conflicting peer deps and everything updated to remove deprecated
and outdated packages. But at least it builds at all now.
|
|
|
|
|
|
|
|
Fix #1597
|
|
|
|
|
|
The `tap` package bundles `import-jsx`, which in turn bundles
`@babel/core` and a bunch of other stuff.
However, even though `@babel/core` is in the bundle, it's getting placed
in the tree at the root. This is a mistake.
Because the node is placed, and not given the `extraneous` flag, in the
ideal tree building process, when reified, it goes ahead and puts it in
place. When reading the actual tree, we see a valid hidden lockfile,
which contains the module, and it doens't have the extraneous flag. So
everything seems fine.
Remove the hidden lockfile, and the problem presents itself.
Corrected here through some arduous and painstaking manual installs, so
at least we have the tree in the state it *should* be for now. But this
is a bug in arborist that must be fixed asap.
Re: https://github.com/npm/cli/issues/1597
|
|
|
