feat: improve npm authentication and plugin health checks during CLI updates

[eablack]

Summary

This PR improves the user experience when updating the Heroku CLI by adding better handling for npm authentication and plugin installation issues. Users previously encountered cryptic npm errors when updating while logged out of npm with private plugins installed. This change proactively detects and handles these scenarios with clear messaging and interactive prompts.

Key Changes

1. Pre-update npm authentication check (hooks/preupdate/check-npm-auth.ts)

• New preupdate hook that runs before the CLI update begins
• Detects private npm plugins by checking package privacy via npm API
• Parallelizes npm API calls in batches of 5 for better performance
• Prompts users to authenticate with npm if private plugins are detected and user is not authenticated
• Provides clear warning messages and recovery instructions if authentication is declined

2. Post-update plugin health check (hooks/update/check-plugin-health.ts)

• New update hook that runs after plugin installation
• Verifies all configured plugins exist in node_modules
• Detects missing plugins that failed to install during update
• Provides detailed recovery instructions with specific commands to reinstall or uninstall affected plugins

3. Reusable npm authentication library (lib/npm-auth.ts)

• Centralized authentication logic with functions: isNpmAvailable(), isAuthenticated(), isPrivatePackage(), login()
• Handles npm's 404 responses for private packages (to avoid leaking package existence)
• Designed for testability with extracted exec/spawn methods

4. Cleanup

• Removed deprecated v6 plugin migration code (hooks/update/plugin-migrate.ts)
• Fixed missing await in hooks/init/terms-of-service.ts
• Fixed resource leak in lib/repl.ts (missing historyStream.close())

Type of Change

Feature Additions (minor semver update)

• feat: Introduces a new feature to the codebase

Testing

Notes:
The hooks integrate into the existing oclif update lifecycle. The check-npm-auth hook runs before the update starts (preupdate), while check-plugin-health runs after plugin installation (update). Both hooks are non-blocking - errors won't prevent updates from completing. Since this is part of the lifecycle, we'll test this once this gets into the beta release.

Steps:

1. Install a private npm plugin: heroku plugins:install @private/some-plugin
2. Log out of npm: npm logout
3. Attempt to update CLI: heroku update
4. Verify the check-npm-auth hook prompts for authentication
5. Choose to authenticate and verify update proceeds successfully
6. Alternatively, choose not to authenticate and verify clear warning message is displayed

To test plugin health check:

1. Manually corrupt a plugin installation (delete from node_modules but leave in package.json)
2. Run heroku update
3. Verify warning message with specific recovery instructions for affected plugins

Related Issues

https://gus.lightning.force.com/lightning/r/ADM_Work__c/a07EE00002VgjNJYAZ/view

[k80bowman]

I'm excited about using hooks for this, I think that's a great idea. And I love the idea of adding the plugin health check as well, that's awesome. I do have a few implementation comments, but this is great. I appreciate you figuring this out.

[k80bowman]

This looks awesome, thank you for all of the fixes!