| Age | Commit message (Collapse) | Author |
|---|
|
Fixes `npm outdated` to properly parse and display info on aliased
packages.
Fixes: https://github.com/npm/cli/issues/2800
|
|
`npm ci` should never be affected by the `package-lock` config.
Fixes: https://github.com/npm/cli/issues/4185
|
|
Make sure to validate any lock file (either package-lock.json or
npm-shrinkwrap.json) against the current install. This will properly
throw an error in case any of the dependencies being installed don't
match the dependencies that are currently listed in the lock file.
Fixes: https://github.com/npm/cli/issues/2701
Fixes: https://github.com/npm/cli/issues/3947
|
|
Previously `npm update` was not respecting the `save` option, it
would be impossible for users to use `npm update` and automatically
update their `package.json` files.
This fixes it by adding extra steps on `Arborist.reify._saveIdealTree`
to read direct dependencies of any `package.json` and update them as
needed when reifying using the `update` and `save` options.
- Uses config.isDefault to set a different value for the `save` config
for both the update and dedupe commands
- Tweaks arborist to make sure saveIdealTree preserves the behavior of
skipping writing to package-lock.json on save=false for install while
still writing the lockfile for `npm update` with its new default value
of save=false.
- Updated and added some new tests on arborist to cover for these tweaks
- Added `npm update --save` smoke test on cli
Fixes: https://github.com/npm/cli/issues/708
Fixes: https://github.com/npm/cli/issues/2704
Relates to: https://github.com/npm/feedback/discussions/270
|
|
Closes: npm/statusboard#417
If the file at `$NPM_CONFIG_PREFIX/package.json` contains a
`publishConfig`, the key/value pairs will be printed along with the rest
of the output from `npm config ls`.
PR-URL: https://github.com/npm/cli/pull/4146
Credit: @lukekarrys
Close: #4146
Reviewed-by: @nlf
|
|
PR-URL: https://github.com/npm/cli/pull/4114
Credit: @lukekarrys
Close: #4114
Reviewed-by: @wraithgar
|
|
This decouples the log file writing from the terminal logging. We now
open an append only file at the start of the process and stream logs to
it. We still only display the log file message in timing mode or if
there is an error, but the file is still written regardless.
All logging now goes through `proc-log` and this is the first step to
removing `npmlog`. For now `npmlog` is still used for the terminal
logging but with a shim in front of it to make it easier to test and
use in conjunction with `proc-log`. Ref: npm/statusboard#366
This also refactors many of the tests to always use an explicit
`t.testdir` for their cache since the file is opened on each `new Npm()`.
Tests are also refactored to use more of `MockNpm` with behavior to
add config items and load `npm` if necessary. A new fixture `mockGlobals`
was also added to make much of this more ergonomic. Ref: npm/statusboard#410
Closes npm/statusboard#411
Closes npm/statusboard#367
PR-URL: https://github.com/npm/cli/pull/4062
Credit: @lukekarrys
Close: #4062
Reviewed-by: @wraithgar
|
|
PR-URL: https://github.com/npm/cli/pull/4072
Credit: @chalkygames123
Close: #4072
Reviewed-by: @wraithgar
|
|
The fake npm object in the tests wasn't returning an async function
Fixes: https://github.com/npm/cli/issues/4020
PR-URL: https://github.com/npm/cli/pull/4032
Credit: @wraithgar
Close: #4032
Reviewed-by: @lukekarrys
|
|
Looks like tests were removed but the snapshots still have them.
PR-URL: https://github.com/npm/cli/pull/4019
Credit: @wraithgar
Close: #4019
Reviewed-by: @lukekarrys
|
|
Uses the real npm object and doesn't mock anything.
PR-URL: https://github.com/npm/cli/pull/4018
Credit: @wraithgar
Close: #4018
Reviewed-by: @lukekarrys
|
|
Fix: #3962
When created from a hidden lockfile, shrinkwrap was always setting the
lockfileVersion to 3. The shrinkwrap command also needed to be updated
to log the correct message based on the lockfileVersion config instead
of the static lockfileVersion.
With these fixes, it was possible to log a better message whenever we
are changing the lockfileVersion, either from a config or any existing
lockfile.
Lastly, the tests for shrinkwrap were completely refactored to use the
real npm and test all conceivable scenarios, as well as removing usage
of `util.promisify` in favor of `fs.promises` now that we've dropped
support for Node 10.
PR-URL: https://github.com/npm/cli/pull/3978
Credit: @lukekarrys
Close: #3978
Reviewed-by: @wraithgar
|
|
This is the first phase of refactoring the internal structure of the npm
commands to set us up for future changes. This iteration changes the
function signature of `exec` for all the commands to be a async (no more
callbacks), and also groups all the commands into their own
subdirectory.
It also removes the Proxy `npm.commands` object, in favor of an
`npm.cmd` and `npm.exec` function that breaks up the two things that
proxy was doing. Namely, getting to the attributes of a given command
(`npm.cmd` now does this), and actually running the command `npm.exec`
does this.
PR-URL: https://github.com/npm/cli/pull/3959
Credit: @wraithgar
Close: #3959
Reviewed-by: @lukekarrys
|
|
As all CLI input is considered to be string, eg. a
"npm install --lockfile-version 3" would fail with the error messages:
```
npm WARN invalid config lockfile-version="3" set in command line options
npm WARN invalid config Must be one of: null, 1, 2, 3
```
Until we have a config system that supports setting type and possible values
of configs, we have to specify all string and number values for the
`lockfile-version`, but we coerce all values to numbers in the flattener.
Co-authored-by: @voxpelli
Co-authored-by: @isaacs
PR-URL: https://github.com/npm/cli/pull/3949
Credit: @lukekarrys
Close: #3949
Reviewed-by: @isaacs
|
|
Adds a new config item that includes the workspace root. This also changes
--workspaces to a trinary, so that setting it to false will explicitly exclude
workspaces altogether.
PR-URL: https://github.com/npm/cli/pull/3890
Credit: @fritzy
Close: #3890
Reviewed-by: @wraithgar
|
|
Depends on @npmcli/arborist@4.0.0
Re: https://github.com/npm/rfcs/pull/434
PR-URL: https://github.com/npm/cli/pull/3880
Credit: @isaacs
Close: #3880
Reviewed-by: @wraithgar
|
|
When the tests are run but the code is not inside a git repo, the
results are different. This removes the `gitHead` altogether from the
publish results so it works in all environments
PR-URL: https://github.com/npm/cli/pull/3845
Credit: @wraithgar
Close: #3845
Reviewed-by: @fritzy
|
|
This reverts commit f17dfa0ced7d8df9bb7baf378bb20d33175c8e8b.
|
|
Adds a new config item that includes the workspace root when running
non-arborist commands (i.e. repo, version, publish). Arborist will need
to be udpated to look for this flag to change its behavior to include
the workspace root for its functions.
This also changes --workspaces to a trinary, so that setting it to false
will explicitly exclude workspaces altogether. This is also going to
require an arborist change so that it ignores workspaces altogether.
Co-author: @fritzy
PR-URL: https://github.com/npm/cli/pull/3816
Credit: @isaacs
Close: #3816
Reviewed-by: @wraithgar
|
|
PR-URL: https://github.com/npm/cli/pull/3761
Credit: @wraithgar
Close: #3761
Reviewed-by: @lukekarrys
|
|
The way we were flattening user-agent back into itself meant that any
values that were dependent on other config items would never be seen,
since we have to re-flatten the item for each one it depends on.
We also weren't re-flattening the user-agent when setting workspaces or
workspace, which were things that affected the final result.
This does change the main config value of `user-agent` but not the
flattened one. We are not using the main config value anywhere (which
is correct).
PR-URL: https://github.com/npm/cli/pull/3754
Credit: @wraithgar
Close: #3754
Reviewed-by: @nlf
|
|
Before, `npm view npm@^6` would incorrectly report “published over a
year from now” for every entry. Now it reports the correct dates.
PR-URL: https://github.com/npm/cli/pull/3739
Credit: @andersk
Close: #3739
Reviewed-by: @wraithgar
|
|
If the package being installed is a url it needs to be cleaned before
logging so passwords aren't potentially logged.
PR-URL: https://github.com/npm/cli/pull/3732
Credit: @wraithgar
Close: #3732
Reviewed-by: @nlf
|
|
This corrects two things,
`--global` implies `--location=global` and `--package-lock-only` implies
`--package-lock`
It also introduces a new sandbox runner for testing purposes. it's not
the prettiest thing i've ever written, but it seems to do the job pretty
nicely and doesn't require keeping track of wild shenanigans everywhere.
Fixes #2747
Fixes #3572
PR-URL: https://github.com/npm/cli/pull/3684
Credit: @nlf
Close: #3684
Reviewed-by: @wraithgar
|
|
Somehow the last one didn't take?
|
|
|
|
* fix: Add gitHead in subdirectories too
* fix(man): don't resolve paths to man files
|
|
|
|
PR-URL: https://github.com/npm/cli/pull/3592
Credit: @fritzy
Close: #3592
Reviewed-by: @nlf
|
|
Wraps logged process.argv in `replaceInfo`
Removes logged process.argv from EJSONPARSE warning for top level
package.json merge conflicts. It is currently not even working (er.file
is not being populated by the parsing library right now), and
process.argv contains fullly resolved paths which isn't very nice
looking. The user knows what they typed, it's enough to tell them to
retry.
PR-URL: https://github.com/npm/cli/pull/3658
Credit: @wraithgar
Close: #3658
Reviewed-by: @nlf
|
|
This should prevent the kind of thing we've seen where people edit the
generated docs, as in #3654 and #3630, and provide them with a helpful
pointer so they put the config documentation changes in the right place.
|
|
Name is always now set on the root node
See: https://github.com/npm/arborist/pull/310
|
|
In its latest release, byte-size dropped support for node versions lower
than 14. The cli currently supports node 10 and up.
The actual functionality we needed and was using was extremely limited
in scope, and didn't warrant an external module. It's just pretty
printing a file size, and the files we are dealing with are limited in
size so we don't need to support so many suffixes.
PR-URL: https://github.com/npm/cli/pull/3569
Credit: @wraithgar
Close: #3569
Reviewed-by: @isaacs
|
|
Fix: #3138
PR-URL: https://github.com/npm/cli/pull/3588
Credit: @isaacs
Close: #3588
Reviewed-by: @wraithgar
|
|
PR-URL: https://github.com/npm/cli/pull/3471
Credit: @nlf
Close: #3471
Reviewed-by: @wraithgar
|
|
* npm mock logger writes to npm.log.record too now
* No more extra process.exit from within the process `exit` event handle.
* No more `exit()` function. Logic is rolled up into the exit handler.
* Now there is only an exit handler and an exit event listener.
`lib/utils/perf.js` was rolled up into npm.js itself.
Unfortunately the tests were written in such a way that any further
refactoring of the exit handler was going to require also rewriting the
tests. Fortunately NOW the tests are interacting with the exit handler
in a way that shouldn't require them to be rewritten AGAIN if we change
the internals of the exit handler.
PR-URL: https://github.com/npm/cli/pull/3482
Credit: @wraithgar
Close: #3482
Reviewed-by: @nlf
|
|
This adds the `audit` config item to the usage output of `npm ci`, and
also tweaks how usage flags are shown for boolean options that do not
default to false. Their usage is shown as the `--no-x` form of the flag
to better communicate that the flag is needed to turn that normally true
option OFF.
The description of `audit` was also updated to reflect that it runs on
many different npm commands, not just install. Because this flag is
included in the usage of those commands it's best to let the assocation
happen there instead of trying to be comprehensive in the description
itself.
A small fix to make `install-ci-test` not try to redefine its own
usage, but to inherit from `ci` was also included.
PR-URL: https://github.com/npm/cli/pull/3497
Credit: @wraithgar
Close: #3497
Reviewed-by: @nlf
|
|
This looks very wrong on white terminals.
npmlog still makes its `notice` logs do this but that will have to be
fixed in the npmlog repo.
PR-URL: https://github.com/npm/cli/pull/3499
Credit: @wraithgar
Close: #3499
Reviewed-by: @nlf
|
|
Implements `npm pkg get|set|delete` support. It enables retrieving and
modifying values in a `package.json` file of any given project.
Included are the implementation based on https://github.com/npm/rfcs/pull/402
along with extensive tests and user documentation.
Relates to: https://github.com/npm/rfcs/pull/402
Fixes: https://github.com/npm/statusboard/issues/368
PR-URL: https://github.com/npm/cli/pull/3487
Credit: @ruyadorno
Close: #3487
Reviewed-by: @wraithgar
|
|
PR-URL: https://github.com/npm/cli/pull/3498
Credit: @nlf
Close: #3498
Reviewed-by: @wraithgar
|
|
Closes https://github.com/npm/cli/issues/1623
PR-URL: https://github.com/npm/cli/pull/3483
Credit: @wraithgar
Close: #3483
Reviewed-by: @isaacs
|
|
This moves the logging of the exit code to before the logfile is
written, when the exit handler was not called. This will ensure that
the code shows up in the debug logs.
PR-URL: https://github.com/npm/cli/pull/3469
Credit: @wraithgar
Close: #3469
Reviewed-by: @isaacs
|
|
This is a papercut that has been driving me crazy when debugging
ERESOLVE issues. It's not particularly useful to just say something is
"invalid", without showing which module's dependency is not being met.
With this commit, it prints all the packages that depend on that
dependency and do not have their required version met.
This does print multiple times for deduped deps that are invalid, but
if we skip the printing of the `invalid` label for deduped deps, we end
up losing information that is only detected later in the tree walk.
PR-URL: https://github.com/npm/cli/pull/3460
Credit: @isaacs
Close: #3460
Reviewed-by: @nlf
|
|
We had tied the usage of commands to snapshots, but not the full config
descriptions. This will prevent us from landing changes to the config
descriptions that don't also result in rebuilt `.md` help docs.
Closes https://github.com/npm/statusboard/issues/374
PR-URL: https://github.com/npm/cli/pull/3459
Credit: @wraithgar
Close: #3459
Reviewed-by: @nlf
|
|
Cleaned the code up too
PR-URL: https://github.com/npm/cli/pull/3416
Credit: @wraithgar
Close: #3416
Reviewed-by: @nlf
|
|
This will allow users to specify a folder in which to save their
tarballs.
PR-URL: https://github.com/npm/cli/pull/3420
Credit: @wraithgar
Close: #3420
Reviewed-by: @ruyadorno
|
|
`npm ls --prod` is currently not omitting devDependencies for configured
workspaces, this changes it by properly checking for the tweaked
`currentDepth` value instead of root check that was in place.
Fixes: https://github.com/npm/cli/issues/3382
PR-URL: https://github.com/npm/cli/pull/3429
Credit: @ruyadorno
Close: #3429
Reviewed-by: @wraithgar
|
|
The behavior for installing global versions if found has never been part
of npm@7.
PR-URL: https://github.com/npm/cli/pull/3418
Credit: @wraithgar
Close: #3418
Reviewed-by: @lukekarrys
|
|
This enables using the virtual tree instead of node_modules.
PR-URL: https://github.com/npm/cli/pull/3408
Credit: @G-Rath
Close: #3408
Reviewed-by: @isaacs
|
|
PR-URL: https://github.com/npm/cli/pull/3423
Credit: @gurdiga
Close: #3423
Reviewed-by: @ruyadorno
|
