Age | Commit message | Author |
|
|
fix: correct link to dependency selectors
|
|
* [dependency-selectors] fix example in docs
* Add async to the function declaration because awaits are used
|
|
Fix link syntax in `dependency-selectors.md`
|
|
Lots of bugfixes here, we properly parse ranges and versions, and we
also now work with git repos and gists, and know when they are already
installed.
|
|
feat: add --replace-registry-host=<npmjs|always|never>|<hostname>
|
|
Co-authored-by: Gar <gar+gh@danger.computer>
|
|
Use the full proper name of Travis CI
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
|
|
* docs: describe implicit workspace and prefix configuration
* Update docs/content/using-npm/workspaces.md
Co-authored-by: Gar <gar+gh@danger.computer>
Co-authored-by: Luke Karrys <luke@lukekarrys.com>
Co-authored-by: Gar <gar+gh@danger.computer>
|
|
* docs: update commit-ish default branch
To match with https://github.com/npm/cli/blob/latest/docs/content/using-npm/developers.md#what-is-a-package
|
|
arborist normalizes `bundledDependencies` to `bundleDependencies`; this change corrects the documentation to match that reality
|
|
fix: Update docs for audit signatures cmd
Update command documentation for `npm audit signatures` added in this PR:
https://github.com/npm/cli/pull/4827
|
|
Closes #4765
RFC: https://github.com/npm/rfcs/pull/591
While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.
Depends on:
* https://github.com/npm/npm-registry-fetch/pull/125
* https://github.com/npm/config/pull/69
|
|
The use of `a` workspace has some inconsistency in terms of naming, making the doc not easy to follow.
|
|
Just refer to the spec instead.
Author describes the reason here:
https://github.com/kemitchell/spdx.js/commit/616ce611bb8ba4271cc31cbec7d11468af852808
|
|
* feat: add npm audit signatures
Implements [RFC: Improve signature verification](https://github.com/npm/rfcs/pull/550/)
Adds a new sub-command to `audit`: `npm audit signatures` (following [`npm audit licenses`](https://github.com/npm/cli/pull/3452))
This command will verify registry signatures stored in the packument against a public key on the registry.
Supporting:
- Any registry that implements `host/-/npm/v1/keys` endpoint and provides `signatures` in the packument `dist` object
- Validates public keys are not expired
- Errors when encountering packages with missing signatures when the registry returns keys at `host/-/npm/v1/keys`
- Errors when encountering invalid signatures
- Output: json/human formats
|
|
Fix typo.
|
|
Many of our commands parse their args via
[npm-package-arg](https://npm.im/npm-package-arg), which is a good
standard way of parsing a "package" argument. However the docs
surrounding these args are not very consistent. This can lead to
confusion in commands such as `npm publish` where the behavior is
slightly different than in the past due to this.
This adds a new help command `npm help package-spec` that describes what
this argument is, and can be, and also updates all the commands that
interpret their args with this to refer to them as `<package-spec>`. It
also adds a link to the new help page on their docs pages.
|
|
* docs: add `npm version` notes to scripts doc
* docs: clarify when git deps will be cloned and installed before packing
|
|
* feat: Add --use-webauth flag
* Add docs
* Switch from a separate flag to a variation of auth-type
* Update snapshot
|
|
Adds a minimalistic reify step that updates the installed tree after
initializing a new workspace.
Moved the shared update logic from `lib/commands/version.js` to a
`lib/workspaces/update-workspaces.js` module that is reused between
both `npm version` and `npm init`.
Relates to: https://github.com/npm/rfcs/issues/556
Relates to: https://github.com/npm/cli/pull/4588
|
|
The removal of node_modules was happening in a race with the loading of
the virtualTree, and before the validation of the package-lock against
the package.json. This defers the removal till after all that
validation has happened.
It also makes the errors thrown usage errors, and refactors the tests to
be real.
|
|
* feat(arborist): added flag to omit lockfile resolved
* feat: add flag --omit-lockfile-registry-resolved
Co-authored-by: Caleb ツ Everett <calebev@amazon.com>
|
|
All three of these commands do the same thing: open a manifest and find
a url inside to open it. The finding of that manifest was not very
consistent across these three commands. Some work with workspaces while
others don't. Some work correctly with `--prefix` while others don't.
This PR consolidates these commands so that they all are consistent in
how they find the manifest being referenced. The specifics of which url
they open are still left to each command. The util that only these
three commands were using was consolidated into their base class.
|
|
It was querying whoami once for every package you starred/unstarred, and
incorrectly trying to determine if you weren't logged in. In fact the
function throws a descriptive message if you're not logged in already.
The whoami check was also racing with the fetch of the packument for
each package you were starring/unstarring meaning you could also get a
random 401 for a private package instead of the 'you need to log in'
message.
unstar was setting an undocumented config item to get the
shared code to unstar. The command already has a name attribute that
tells us what action we are doing so we can just use that.
Finally, the duplicated (and differing) params between the two commands
were consolidated.
|
|
As of npm@7, extraneous modules are always auto pruned
|
|
* doc: include org instructions in scoped publish
* doc: update scope context to add user scopes
* Update docs/content/using-npm/scope.md
Co-authored-by: Gar <wraithgar@github.com>
Co-authored-by: Luke Karrys <luke@lukekarrys.com>
Co-authored-by: Gar <wraithgar@github.com>
|
|
Do not pass the `if-present` env config value to spawned processes.
Fixes: https://github.com/npm/cli/issues/3352
Close: https://github.com/npm/cli/pull/3589
|
|
* Removed dedupe --save documentation and attempted implementation.
* Remove some unneeded otplease mocks from test
`npm dedupe --save` didn't work in an easy to understand way. It would
only update a top level dependency that was duplicated in the tree.
Found this out rewriting the dedupe tests to be real. This is not very
intuitive and it's best if folks use update or install for saving to
package.json.
|
|
Futher --> Further
|