[pull] latest from npm:latest #7

Open
wants to merge 984 commits into
base: latest

pull[bot]

@pull pull bot commented Oct 17, 2022

See Commits and Changes for more details.


Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

coliff and others added 24 commits March 14, 2024 16:12
Correct capitalization for URL
Adds a note to the `audit` docs discussing the verification of
provenance attestations.

Per: npm/documentation#1010

Signed-off-by: Brian DeHamer <bdehamer@github.com>
Fixes #7072

deps: agent-base@7.1.1

chore: add smoke-test for large prod installs
deps: init-package-json@6.0.2

deps: promzard@1.0.1
The ISO 8601 reference is broken due to `"` appended at the end.
…ier (#7346)

There are a bunch of places where we load `semver`, I'm trying to see if
I can remove the full import for `semver` and only import the specific
functions.

Currently, I didn't have any perf improvement since we still load the
entire `semver`, once we have removed all the package loads, then we
could see some improvement (a little bit).
This PR addresses an issue where CLI flags were not taking precedence
over publishConfig settings. To ensure CLI flags have higher priority,
properties from the publishConfig object that also exist in CLI flags
are filtered out.


  Related to #6400
wraithgar and others added 30 commits May 29, 2024 08:48
Invalid scripts warnings are gone that should not be there
…#7582)

Small doc fix. Reviewing the section on `funding` on docs.npmjs.com, I
noticed some odd code-block formatting, as well as some opportunities to
clarify.

The current weirdness:


![2024-06-02-214100_3840x2160_scrot](https://github.com/npm/cli/assets/205760/5f0a436f-5812-4a97-b4b9-b4183219d4dd)

Glad to see string-or-object worked out.
…bally (#7587)

When multiple versions of the same package exist globally either at
top level or at any level as a sub dependency, even though the version
specified does not exist at top level it was running top level bin since
it matches the bin name.
This fixes checks for depth of the found node along with already
existing specs checks.

Fixes: #7486
- closes #7614

## Issue

Examples in the
[repository](https://docs.npmjs.com/cli/v10/configuring-npm/package-json#repository)
section of the [npm CI > Configuring npm >
package.json](https://docs.npmjs.com/cli/v10/configuring-npm/package-json)
reference page use the protocol `https`. The examples are:

```json
"url": "https://github.com/npm/cli.git"
```
```json
"url": "https://github.com/facebook/react.git"
```

Executing `npm pkg fix` in a repo with a `url` definition and `protocol`
using `https` normalizes the protocol to `git+https`.

Examples should be aligned with what `npm pkg fix` considers correct and
should also be aligned to the list of valid protocols in the [Git URLs
as
Dependencies](https://docs.npmjs.com/cli/v10/configuring-npm/package-json#git-urls-as-dependencies)
section, which states:

> `<protocol>` is one of `git`, `git+ssh`, `git+http`, `git+https`, or
`git+file`.

## Change

1. `npm/cli.git`
    Change to
    ```json
    "url": "git+https://github.com/npm/cli.git"
    ```
2. `facebook/react.git`
    Since the source example of
    https://github.com/facebook/react/blob/main/packages/react-dom/package.json
    does not use the correct `git+https` protocol, use instead
    ```json
    "url": "git+https://github.com/npm/cli.git",
    "directory": "workspaces/libnpmpublish"
    ```
…7602)

When metadata is committed for the first time when there is no
package-lock, when target node has the same name field value as target
package name and link node also share the same name field, name field is
omitted from lock file, in subsequent times when there is already a lock
file, it reads target node with name field derived from realpath value
of the node and included in lock file. This creates mismatch of lock
file between installs.

This PR adds additional condition to check if name derived from realpath
is the same name as package and adds the name property.

Fixes: #7166
It has historically not worked very consistently and we don't have the
bandwidth to keep fixing it.
…#7579)

If a node represents a symbolic link or a file dep (node.isLink is
true), its target is expected to reference another node in the
dependency tree. If the linking is not done correctly or is incomplete,
node.target might be null.
In this PR, a null check is added to ensure node.target is not null or
before proceeding, which will prevent causing errors like:
`npm error Cannot set properties of null (setting 'peer')` 

## References
  Related to #7065, 
  Fixes #6622, #5007,
  Closes #6622, #5007