Age | Commit message (Collapse) | Author |
|
|
|
|
|
This also adds a new output method `outputBuffer()` which will buffer
all output until it is flushed in the exit handler. This allows the exit
handler to catch any errors and append them to the output when in json
mode. This was necessary to not introduce a regression in the case of
npm/cli#2150.
BREAKING CHANGE: `npm` now outputs some json errors on stdout.
Previously `npm` would output all json formatted errors on stderr,
making it difficult to parse as the stderr stream usually has logs
already written to it. In the future, `npm` will differentiate between
errors and crashes. Errors, such as `E404` and `ERESOLVE`, will be
handled and will continue to be output on stdout. In the case of a
crash, `npm` will log the error as usual but will not attempt to display
it as json, even in `--json` mode. Moving a case from the category of an
error to a crash will not be considered a breaking change. For more
information see npm/rfcs#482.
Closes #2740
Closes https://github.com/npm/statusboard/issues/589
|
|
BREAKING CHANGE: `timing` and `loglevel` changes
- `timing` has been removed as a value for `--loglevel`
- `--timing` will show timing information regardless of
`--loglevel`, except when `--silent`
Closes https://github.com/npm/statusboard/issues/455
Closes https://github.com/npm/statusboard/issues/454
|
|
auth docs
|
|
--global-style, --legacy-bundling (#5709)
BREAKING CHANGE: deprecate boolean install flags in favor of `--install-strategy`
* deprecate --global-style, --global now sets --install-strategy=shallow
* deprecate --legacy-bundling, now sets --install-strategy=nested
|
|
- @npmcli/config@6.0.1
- @npmcli/disparity-colors@3.0.0
- @npmcli/git@4.0.1
- @npmcli/installed-package-contents@2.0.0
- @npmcli/map-workspaces@3.0.0
- @npmcli/metavuln-calculator@5.0.0
- @npmcli/move-file@3.0.0
- @npmcli/node-gyp@3.0.0
- @npmcli/package-json@3.0.0
- @npmcli/promise-spawn@4.0.0
- @npmcli/query@3.0.0
- @npmcli/run-script@5.0.0
- bin-links@4.0.1
- cacache@17.0.1
- ignore-walk@6.0.0
- init-package-json@4.0.1
- json-parse-even-better-errors@3.0.0
- make-fetch-happen@11.0.1
- normalize-package-data@5.0.0
- npm-audit-report@4.0.0
- npm-install-checks@6.0.0
- npm-packlist@7.0.1
- npm-pick-manifest@8.0.1
- npm-profile@7.0.1
- npm-registry-fetch@14.0.2
- npmlog@7.0.0
- pacote@15.0.1
- parse-conflict-json@3.0.0
- proc-log@3.0.0
- read-package-json-fast@3.0.1
- read-package-json@6.0.0
- ssri@10.0.0
- treeverse@3.0.0
- validate-npm-package-name@5.0.0
- write-file-atomic@5.0.0
Removed dependencies:
- `@npmcli/fs`
|
|
BREAKING CHANGE: the `node-version` and `npm-version` configs have been
removed.
These are only used sparingly by arborist to determine if optional
dependencies should be installed, and during engines checks (which
are only warnings unless `engine-strict` is true.
|
|
High level overview of the changes here:
- The source for the docs content has moved from `docs/content/` to
`docs/lib/content/`. The generated markdown is still written to
`docs/content/` but that directory is now ignored from git.
- All generated content sections of the docs have been removed and
replaced with single placeholder html comments such as `<!--
AUTOGENERATED CONFIG DESCRIPTIONS -->`
- Placeholders are replaced with generated content only as part of the
`prepack` step, so generated markdown is no longer checked in to
source and all docs related `make` commands have been removed
- All docs (and docs related) snapshots have been moved to a single test
file that outputs command usage and formats it with functions imported
from `docs/lib/index.js`. So tests will fail if docs content changes
until `npm run snap` is run.
|
|
|
|
|
|
The cache command itself contains this config making it a circular reference
|
|
|
|
Also refactor all files written to the logs directory to use the same
code path for file name creation.
|
|
BREAKING CHANGE: `--timing` file changes:
- When run with the `--timing` flag, `npm` now writes timing data to a
file alongside the debug log data, respecting the `logs-dir` option and
falling back to `<CACHE>/_logs/` dir, instead of directly inside the
cache directory.
- The timing file data is no longer newline delimited JSON, and instead
each run will create a uniquely named `<ID>-timing.json` file, with the
`<ID>` portion being the same as the debug log.
- Finally, the data inside the file now has three top level keys,
`metadata`, `timers, and `unfinishedTimers` instead of everything being
a top level key.
Closes https://github.com/npm/statusboard/issues/456
|
|
BREAKING CHANGE: the default `auth-type` config value is now `web`
|
|
The difference between `adduser` and `login` depends on the `auth-type`.
- `web`: the POST to `/-/v1/login` contains a `{ create: true }` value
in its payload for `adduser`
- `legacy` the `PUT` request to `/-/user/org.couchdb.user:${username}`
contains an `email` value in its payload for `adduser`.
BREAKING CHANGE: `login`, `adduser`, and `auth-type` changes
- This removes all `auth-type` configs except `web` and `legacy`.
- `login` and `adduser` are now separate commands that send different data to the registry.
- `auth-type` config values `web` and `legacy` only try
their respective methods, npm no longer tries them all and waits to see
which one doesn't fail.
|
|
BREAKING CHANGE: this removes the `npm birthday` command
|
|
BREAKING CHANGE: this removes `npm set-script`
Folks should use `npm pkg set` to set the `scripts` field in their
`package.json`
Closes https://github.com/npm/statusboard/issues/449
|
|
BREAKING CHANGE: this changes the default value of `install-links` to
true
Closes https://github.com/npm/statusboard/issues/510
|
|
BREAKING CHANGE: this removes the `npm bin` command
The output of this command is misleading and incomplete. The `.bin`
resolution of npm is much more nuanced than this command implies, and
the output of `npm bin` is not something end users should be dealing
with. `npm` itself is responsible for running the `bin` entries of
modules, with the exception of global bins, which end up in the same
folder as `node` itself, presumably already in a user's path since they
can run node.
Closes https://github.com/npm/statusboard/issues/537
|
|
|
|
In preparation for @npmcli/eslint-config@3.1.0
|
|
|
|
Lots of bugfixes here, we properly parse ranges and versions, and we
also now work with git repos and gists, and know when they are already
installed.
|
|
feat: add --replace-registry-host=<npmjs|always|never>|<hostname>
|
|
new webAuthn flow (#5243)
|
|
Co-authored-by: Gar <gar+gh@danger.computer>
|
|
This also changes all the log messages about not being able to create
initial directories and files to `log.verbose` since we know run those
commands on init. There are a lot of valid reasons why those might fail,
and we don't want to show a warning for them every time.
Fixes: #4769
Fixes: #4838
Fixes: #4996
|
|
* feat: Add support for web auth, utilizing code from npm-profile
Co-authored-by: Jordan Harband <ljharb@gmail.com>
Co-authored-by: Hayden Faulds <fauldsh@gmail.com>
Co-authored-by: Sandeep Meduru <sandeepmeduru@github.com>
|
|
Closes #4765
RFC: https://github.com/npm/rfcs/pull/591
While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.
Depends on:
* https://github.com/npm/npm-registry-fetch/pull/125
* https://github.com/npm/config/pull/69
|
|
|
|
|
|
|
|
(#4960)
Prompt before opening web-login URL when performing login/adduser
|
|
Many of our commands parse their args via
[npm-package-arg](https://npm.im/npm-package-arg), which is a good
standard way of parsing a "package" argument. However the docs
surrounding these args are not very consistent. This can lead to
confusion in commands such as `npm publish` where the behavior is
slightly different than in the past due to this.
This adds a new help command `npm help package-spec` that describes what
this argument is, and can be, and also updates all the commands that
interpret their args this with to refer to them as `<package-spec>`. It
also adds a link to the new help page on their docs pages.
|
|
|
|
* feat: Add --use-webauth flag
* Add docs
* Switch from a separate flag to a variation of auth-type
* Update snapshot
|
|
|
|
|
|
* feat(arborist): added flag to omit lockfile resolved
* feat: add flag --omit-lockfile-registry-resolved
Co-authored-by: Caleb ツ Everett <calebev@amazon.com>
|
|
|
|
All three of these commands do the same thing: open a manifest and find
a url inside to open it. The finding of that manifest was not very
consistent across these three commands. Some work with workspaces while
others don't. Some work correctly with `--prefix` while others don't.
This PR consolidates these commands so that they all are consistent in
how they find the manifest being referenced. The specifics of which url
they open are still left to each command. The util that only these
three commands were using was consolidated into their base class.
|
|
Turns out there were three files that still had no test coverage because
of the combination of the mocks in tests and the coverage map. Removing
the map altogether exposed them.
This PR removes the coverage map and fixes test to cover all lines that
were being missed.
While adding coverage to the `npm search` codebase multiple unneeded
guards and at least one bug was found (it was impossible to exclude
searches based on username). These were fixed.
The `npm view` tests were also refactored to use the real npm object.
Finally, a small inlining of lib/utils/file-exists.js was done.
|
|
As of npm@7, extraneous modules are always auto pruned
|
|
|
|
|
|
|
|
|
|
Do not pass the `if-present` env config value to spawned processes.
Fixes: https://github.com/npm/cli/issues/3352
Close: https://github.com/npm/cli/pull/3589
|