| Age | Commit message (Collapse) | Author |
|---|
|
The difference between `adduser` and `login` depends on the `auth-type`.
- `web`: the POST to `/-/v1/login` contains a `{ create: true }` value
in its payload for `adduser`
- `legacy` the `PUT` request to `/-/user/org.couchdb.user:${username}`
contains an `email` value in its payload for `adduser`.
BREAKING CHANGE: `login`, `adduser`, and `auth-type` changes
- This removes all `auth-type` configs except `web` and `legacy`.
- `login` and `adduser` are now separate commands that send different data to the registry.
- `auth-type` config values `web` and `legacy` only try
their respective methods, npm no longer tries them all and waits to see
which one doesn't fail.
|
|
BREAKING CHANGE: renames most of the `npm access` subcommands
- `edit`, having never been implemented, is removed
- `public` is now `set status=public`
- `restricted` is now `set status=private`
- `ls-packages` is now `list packages`
- `ls-collaborators` is now `list collaborators`
- `2fa-required` is now `set mfa=publish`
- `2fa-not-required` is now `set mfa=none`
- `set mfa=automation` is added
- output is no longer in json by default
Usage:
npm access list packages [<user>|<scope>|<scope:team> [<package>]
npm access list collaborators [<package> [<user>]]
npm access get status [<package>]
npm access set status=public|private [<package>]
npm access set mfa=false|publish|automation [<package>]
npm access grant <read-only|read-write> <scope:team> [<package>]
npm access revoke <scope:team> [<package>]
Options:
[--json] [--otp <otp>] [--registry <registry>]
|
|
BREAKING CHANGE: this removes `npm set-script`
Folks should use `npm pkg set` to set the `scripts` field in their
`package.json`
Closes https://github.com/npm/statusboard/issues/449
|
|
BREAKING CHANGE: this changes the default value of `install-links` to
true
Closes https://github.com/npm/statusboard/issues/510
|
|
BREAKING CHANGE: this removes the `npm bin` command
The output of this command is misleading and incomplete. The `.bin`
resolution of npm is much more nuanced than this command implies, and
the output of `npm bin` is not something end users should be dealing
with. `npm` itself is responsible for running the `bin` entries of
modules, with the exception of global bins, which end up in the same
folder as `node` itself, presumably already in a user's path since they
can run node.
Closes https://github.com/npm/statusboard/issues/537
|
|
Co-authored-by: Gar <gar+gh@danger.computer>
|
|
|
|
|
|
* feat: add npm audit signatures
Implements [RFC: Improve signature verification](https://github.com/npm/rfcs/pull/550/)
Adds a new sub-command to `audit`: `npm audit signatures` (following [`npm audit licenses`](https://github.com/npm/cli/pull/3452))
This command will verify registry signatures stored in the packument against a public key on the registry.
Supporting:
- Any registry that implements `host/-/npm/v1/keys` endpoint and provides `signatures` in the packument `dist` object
- Validates public keys are not expired
- Errors when encountering packages with missing signatures when the registry returns keys at `host/-/npm/v1/keys`
- Errors when encountering invalid signatures
- Output: json/human formats
|
|
|
|
Many of our commands parse their args via
[npm-package-arg](https://npm.im/npm-package-arg), which is a good
standard way of parsing a "package" argument. However the docs
surrounding these args are not very consistent. This can lead to
confusion in commands such as `npm publish` where the behavior is
slightly different than in the past due to this.
This adds a new help command `npm help package-spec` that describes what
this argument is, and can be, and also updates all the commands that
interpret their args this with to refer to them as `<package-spec>`. It
also adds a link to the new help page on their docs pages.
|
|
* feat: Add --use-webauth flag
* Add docs
* Switch from a separate flag to a variation of auth-type
* Update snapshot
|
|
Adds a minimalistic reify step that updates the installed tree after
initializing a new workspace.
Moved the shared update logic from `lib/commands/version.js` to a
`lib/workspaces/update-workspaces.js` module that is reused between
both `npm version` and `npm init`.
Relates to: https://github.com/npm/rfcs/issues/556
Relates to: https://github.com/npm/cli/pull/4588
|
|
|
