| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
feat: add --replace-registry-host=<npmjs|always|never>|<hostname>
|
|
Co-authored-by: Gar <gar+gh@danger.computer>
|
|
(#5233)
by passing in the edge we can determine if the edge is overridden, and if it is the path we want to return is the project root since that's what user's will have define their overrides relative to
|
|
overrides (#5227)
when we examine override references, if we look at only `this.from.root.package` the root could actually be a virtual one. in order to ensure we resolve references from the real root, we instead need to look at `this.from.sourceReference.root.package` to get the correct value.
closes #4395
|
|
|
|
feat: add support for dependencies script
this is a new feature that will run the `dependencies` (as well as the `pre` and `post` versions) script any time an npm action makes a change to the installed dependency tree, whether it's adding a new dependency, removing one, or just shuffling things around to dedupe/optimize
|
|
|
|
|
|
* feat(arborist): added flag to omit lockfile resolved
* feat: add flag --omit-lockfile-registry-resolved
Co-authored-by: Caleb ツ Everett <calebev@amazon.com>
|
|
- Fixes running proper lifecycle scripts for linked deps and
workspaces.
- Added test to validate lifecycle scripts don't run twice
for linked deps
- Tweaked "reify workspaces bin files" test to also validate
proper lifecycle scripts ran before check for linked bins.
- Tweaked reify test running lifecycle scripts of unchanged link
nodes to also validate that the install lifecycle scripts are
also called.
Fixes: https://github.com/npm/cli/issues/4277
Fixes: https://github.com/npm/cli/issues/4552
Fixes: https://github.com/npm/statusboard/issues/439
Relates to: https://github.com/npm/cli/issues/2905
|
|
|
|
when set, installLinks instructs arborist to pack and extract a file:
dependency rather than creating a symlink to it. this has the effect of
also installing the dependencies for the linked dependency, though if
local changes are made it also requires the user to reinstall the
package
|
|
this fixes some scenarios where overrides were not being properly
applied, especially those where a node_modules or package-lock.json
already exists
|
|
|
|
.substr() is deprecated so we replace it with .slice() which works similarily but isn't deprecated
Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
|
|
Fixes #3314
|
|
|
|
|
|
|
|
When declaring dependencies to workspaces the common practice is to
refer to their version numbers, currently the cli adds a link reference
instead of the proper semver range when trying to install/declare as a
direct direct dependency one of its own workspaces.
This change fixes it by adding a new condition for handling workspace
edges when saving the current ideal tree.
Relates to: https://github.com/npm/cli/issues/3403
|
|
path separators (#4261)
Co-authored-by: Salvador Jacobi <salvadorj@unity3d.com>
|
|
BREAKING CHANGE: this drops support for the `log` property
|
|
|
|
|
|
|
|
|
|
closes #3637 (#4371)
|
|
When updating dependencies we need an extra check when filtering nodes
to be updated that ensures we do not override semver ranges that are
pointing to an exact version. e.g: =1.0.0, 1.0.0
Fixes: https://github.com/npm/cli/issues/4329
|
|
permissions (#4258)
* fix(arborist): shrinkwrap throws trying to read a folder without permissions
Fix an issue where shrinkwrap throws an error when trying to read
a folder that it doesn't have permissions to, instead of returning
a correct object with an error
|
|
|
|
* feat(arborist): add named updates validation
Arborist update does not support anything other than dependency names,
that is confusing to some users that are used to provide semver ranges
when using `npm install` and other commands.
This changeset adds validation to the values provided as arguments in
`npm update` and will throw a `EUPDATEARGS` error in case the user tries
to use semver ranges, e.g: `npm update abbrev@1.0.0`
Relates to: https://github.com/npm/cli/issues/4240
|
|
Arborist was not loading the actual tree when using named updates for
global updates, that would result in removing all previously installed
deps from a global install anytime the user would try to run
`npm update <pkgname>`.
This changeset fixes the problem by allowing the load of the actual tree
if the `global` and `update.names` options are defined.
Added a few more tests to illustrate but some of the snapshots already
included were actually demonstrating the problem by having empty trees
as result, these are now also updated with the expected tree result.
Fixes: https://github.com/npm/cli/issues/3175
|
|
closes #3637
|
|
Previously `npm update` was not respecting the `save` option, it
would be impossible for users to use `npm update` and automatically
update their `package.json` files.
This fixes it by adding extra steps on `Arborist.reify._saveIdealTree`
to read direct dependencies of any `package.json` and update them as
needed when reifying using the `update` and `save` options.
- Uses config.isDefault to set a different value for the `save` config
for both the update and dedupe commands
- Tweaks arborist to make sure saveIdealTree preserves the behavior of
skipping writing to package-lock.json on save=false for install while
still writing the lockfile for `npm update` with its new default value
of save=false.
- Updated and added some new tests on arborist to cover for these tweaks
- Added `npm update --save` smoke test on cli
Fixes: https://github.com/npm/cli/issues/708
Fixes: https://github.com/npm/cli/issues/2704
Relates to: https://github.com/npm/feedback/discussions/270
|
|
It turns out that `new Arborist().buildIdealTree().meta.toString()` does
not take into account the indentation in the package.json (tabs, in my
case) the way `npm install --package-lock-only` does.
This fixes that. Also included a bonus commit that removes redundant
Promise stuff inside an `async function`.
|
|
shrinkwrap contents without saving (#4181)
|
|
Added libnpm workspaces and arborist
|
