Age | Commit message (Collapse) | Author |
|
BREAKING CHANGE: this changes the default value of `install-links` to
true
Closes https://github.com/npm/statusboard/issues/510
|
|
|
|
fix: correct link to dependency selectors
|
|
Lots of bugfixes here, we properly parse ranges and versions, and we
also now work with git repos and gists, and know when they are already
installed.
|
|
Co-authored-by: Gar <gar+gh@danger.computer>
|
|
Use the full proper name of Travis CI
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
|
|
|
|
|
|
|
|
* docs: update commit-ish default branch
To match with https://github.com/npm/cli/blob/latest/docs/content/using-npm/developers.md#what-is-a-package
|
|
fix: Update docs for audit signatures cmd
Update command documentation for `npm audit signatures` added in this PR:
https://github.com/npm/cli/pull/4827
|
|
|
|
|
|
|
|
* feat: add npm audit signatures
Implements [RFC: Improve signature verification](https://github.com/npm/rfcs/pull/550/)
Adds a new sub-command to `audit`: `npm audit signatures` (following [`npm audit licenses`](https://github.com/npm/cli/pull/3452))
This command will verify registry signatures stored in the packument against a public key on the registry.
Supporting:
- Any registry that implements `host/-/npm/v1/keys` endpoint and provides `signatures` in the packument `dist` object
- Validates public keys are not expired
- Errors when encountering packages with missing signatures when the registry returns keys at `host/-/npm/v1/keys`
- Errors when encountering invalid signatures
- Output: json/human formats
|
|
|
|
Many of our commands parse their args via
[npm-package-arg](https://npm.im/npm-package-arg), which is a good
standard way of parsing a "package" argument. However the docs
surrounding these args are not very consistent. This can lead to
confusion in commands such as `npm publish` where the behavior is
slightly different than in the past due to this.
This adds a new help command `npm help package-spec` that describes what
this argument is, and can be, and also updates all the commands that
interpret their args this with to refer to them as `<package-spec>`. It
also adds a link to the new help page on their docs pages.
|
|
|
|
* feat: Add --use-webauth flag
* Add docs
* Switch from a separate flag to a variation of auth-type
* Update snapshot
|
|
Adds a minimalistic reify step that updates the installed tree after
initializing a new workspace.
Moved the shared update logic from `lib/commands/version.js` to a
`lib/workspaces/update-workspaces.js` module that is reused between
both `npm version` and `npm init`.
Relates to: https://github.com/npm/rfcs/issues/556
Relates to: https://github.com/npm/cli/pull/4588
|
|
The removal of node_modules was happening in a race with the loading of
the virtualTree, and before the validation of the package-lock against
the package.json. This defers the removal till after all that
validation has happened.
It also makes the errors thrown usage errors, and refactors the tests to
be real.
|
|
|
|
All three of these commands do the same thing: open a manifest and find
a url inside to open it. The finding of that manifest was not very
consistent across these three commands. Some work with workspaces while
others don't. Some work correctly with `--prefix` while others don't.
This PR consolidates these commands so that they all are consistent in
how they find the manifest being referenced. The specifics of which url
they open are still left to each command. The util that only these
three commands were using was consolidated into their base class.
|
|
It was querying whoami once for every package you starred/unstarred, and
incorrectly trying to determine if you weren't logged in. In fact the
function throws a descriptive message if you're not logged in already.
The whoami check was also racing with the fetch of the packument for
each package you were starring/unstarring meaning you could also get a
random 401 for a private package instead of the 'you need to log in'
message.
unstar was setting an undocumented config item to get the
shared code to unstar. The command already has a name attribute that
tells us what action we are doing so we can just use that.
Finally, the duplicated (and differing) params between the two commands
were consolidated.
|
|
|
|
As of npm@7, extraneous modules are always auto pruned
|
|
|
|
|
|
|
|
Do not pass the `if-present` env config value to spawned processes.
Fixes: https://github.com/npm/cli/issues/3352
Close: https://github.com/npm/cli/pull/3589
|
|
|
|
* Removed dedupe --save documentation and attempted implementation.
* Remove some unneeded otplease mocks from test
`npm dedupe --save` didn't work in a easy to understand way. It would
only update a top level dependency that was duplicated in the tree.
Found this out rewriting the dedupe tests to be real. This is not very
intuitive and it's best if folks use update or install for saving to
package.json.
|
|
Futher --> Further
|
|
ci (#4666)
related to #4664
|
|
|
|
Adds a minimalistic reify step that updates the installed tree after a
version change within one of the configured workspaces when using any
of the workspaces config options.
It's also possible to use the `--save` config option in order to
auto update semver ranges of dependencies declarations accross dependent
`package.json` files.
Fixes: https://github.com/npm/cli/issues/3403
Relates to: https://github.com/npm/rfcs/issues/556
Relates to: https://github.com/npm/cli/issues/3757
Relates to: https://github.com/npm/cli/issues/4193
|
|
Also add explanation of what `--force` does for unpublish
|
|
|
|
|
|
I think this gets them all
|
|
Closes #4189
* docs: auto-generate synopsis sections
* feat: improve usage auto-generation'
* chore: auto-generate npm usage for each command
* docs: print default usage when usage is missing
* docs: add special case for npx
* fix: remove optional chaining
|
|
Closes: https://github.com/npm/cli/issues/3821
|
|
|
|
npm install <folder> doesn't install dependencies if <folder> is outside of root project.
Fixes #3358
|
|
Fixes https://github.com/npm/cli/issues/4136
|
|
|
|
Previously `npm update` was not respecting the `save` option, it
would be impossible for users to use `npm update` and automatically
update their `package.json` files.
This fixes it by adding extra steps on `Arborist.reify._saveIdealTree`
to read direct dependencies of any `package.json` and update them as
needed when reifying using the `update` and `save` options.
- Uses config.isDefault to set a different value for the `save` config
for both the update and dedupe commands
- Tweaks arborist to make sure saveIdealTree preserves the behavior of
skipping writing to package-lock.json on save=false for install while
still writing the lockfile for `npm update` with its new default value
of save=false.
- Updated and added some new tests on arborist to cover for these tweaks
- Added `npm update --save` smoke test on cli
Fixes: https://github.com/npm/cli/issues/708
Fixes: https://github.com/npm/cli/issues/2704
Relates to: https://github.com/npm/feedback/discussions/270
|
|
PR-URL: https://github.com/npm/cli/pull/4053
Credit: @MansurAliKoroglu
Close: #4053
Reviewed-by: @wraithgar
|
|
Adds a new config item that includes the workspace root. This also changes
--workspaces to a trinary, so that setting it to false will explicitly exclude
workspaces altogether.
PR-URL: https://github.com/npm/cli/pull/3890
Credit: @fritzy
Close: #3890
Reviewed-by: @wraithgar
|
|
This reverts commit f17dfa0ced7d8df9bb7baf378bb20d33175c8e8b.
|