diff --git a/deps/npm/.github/issue_template.md b/deps/npm/.github/issue_template.md index 9ae90298050b6f..f3a5861866a8cc 100644 --- a/deps/npm/.github/issue_template.md +++ b/deps/npm/.github/issue_template.md @@ -40,10 +40,10 @@ before submitting your issue. - Please check if there's a solution in the troubleshooting wiki: - https://github.com/npm/npm/wiki/Troubleshooting + https://github.com/npm/npm/blob/latest/TROUBLESHOOTING.md - Also ensure that your new issue conforms to npm's contribution guidelines: - https://github.com/npm/npm/wiki/Contributing-Guidelines + https://github.com/npm/npm/blob/latest/CONTRIBUTING.md - Participation in this open source project is subject to the npm Code of Conduct: https://www.npmjs.com/policies/conduct diff --git a/deps/npm/.mailmap b/deps/npm/.mailmap index 85eed6222c7efd..7c092c41ca5ae7 100644 --- a/deps/npm/.mailmap +++ b/deps/npm/.mailmap @@ -53,6 +53,7 @@ Ryan Emery Sam Mikes Stephanie Snopek Takaya Kobayashi +Ted Yavuzkurt Thomas Reggi Timo Weiß Tony diff --git a/deps/npm/.travis.yml b/deps/npm/.travis.yml index 6e1950523bdf6a..ea6dedb5ce0eb1 100644 --- a/deps/npm/.travis.yml +++ b/deps/npm/.travis.yml @@ -28,6 +28,8 @@ notifications: cache: directories: - $HOME/.npm + - html/doc + - man - node_modules/.bin - node_modules/.cache - node_modules/deep-equal diff --git a/deps/npm/AUTHORS b/deps/npm/AUTHORS index f267e5024fd900..12e2cce6d3a056 100644 --- a/deps/npm/AUTHORS +++ b/deps/npm/AUTHORS @@ -450,3 +450,12 @@ Daijirō Wachi Dmitry Litvinchenko chocolateboy Henry Zhu +Nate Goldman +Ted Yavuzkurt +Arseniy Maximov +Joshua Bennett +Evgeny Kulikov +Сковорода Никита Андреевич +Carol (Nichols || Goulding) +Jarid Margolin +David Cook diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md index 6d1ccc252bdaea..c6dc604bc94c01 100644 --- a/deps/npm/CHANGELOG.md +++ b/deps/npm/CHANGELOG.md @@ -1,3 +1,422 @@ +### v4.5.0 (2017-03-24) + +Welcome a wrinkle on npm's registry API! + +Codename: Corgi + +![corgi-meme](https://cloud.githubusercontent.com/assets/757502/24126107/64c14268-0d89-11e7-871b-d457e6d0082b.jpg) + +This release has some bug fixes, but it's mostly about bringing support for +MUCH smaller package metadata. How much smaller? Well, for npm itself it +reduces 416K of gzip compressed JSON to 24K. + +As a user, all you have to do is update to get to use the new API. If +you're interested in the details we've [documented the +changes](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md) +in detail. + +#### CORGUMENTS + +Package metadata: now smaller. This means a smaller cache and less to download. + +* [`86dad0d74`](https://github.com/npm/npm/commit/86dad0d747f288eab467d49c9635644d3d44d6f0) + Add support for filtered package metadata. + ([@iarna](https://github.com/iarna)) +* [`41789cffa`](https://github.com/npm/npm/commit/41789cffac9845603f4bdf3f5b03f412144a0e9f) + `npm-registry-client@8.1.0` + ([@iarna](https://github.com/iarna)) + +#### NO SHRINKWRAP, NO PROBLEM + +Previously we needed to extract every package's tarball to look for an +`npm-shrinkwrap.json` before we could begin working through what its +dependencies were. This was one of the things stopping npm's network +accesses from happening more concurrently. The new filtered package +metadata provides a new key, `_hasShrinkwrap`. When that's set to `false` +then we know we don't have to look for one. + +* [`4f5060eb3`](https://github.com/npm/npm/commit/4f5060eb31b9091013e1d6a34050973613a294a3) + [#15969](https://github.com/npm/npm/pull/15969) + Add support for skipping `npm-shrinkwrap.json` extraction when the + registry can affirm that one doesn't exist. + ([@iarna](https://github.com/iarna)) + +#### INTERRUPTING SCRIPTS + +* [`878aceb25`](https://github.com/npm/npm/commit/878aceb25e6d6052dac15da74639ce274c8e62c5) + [#16129](https://github.com/npm/npm/pull/16129) + Better handle Ctrl-C while running scripts. `npm` will now no longer exit + until the script it is running has exited. If you press Ctrl-C a second + time it kill the script rather than just forwarding the Ctrl-C. + ([@jaridmargolin](https://github.com/jaridmargolin)) + +#### DEPENDENCY UPDATES: + +* [`def75eebf`](https://github.com/npm/npm/commit/def75eebf1ad437bf4fd3f5e103cc2d963bd2a73) + `hosted-git-info@2.4.1`: + Preserve case of the user name part of shortcut specifiers, previously they were lowercased. + ([@iarna](https://github.com/iarna)) +* [`eb3789fd1`](https://github.com/npm/npm/commit/eb3789fd18cfb063de9e6f80c3049e314993d235) + `node-gyp@3.6.0`: Add support for VS2017 and Chakracore improvements. + ([@refack](https://github.com/refack)) + ([@kunalspathak](https://github.com/kunalspathak)) +* [`245e25315`](https://github.com/npm/npm/commit/245e25315524b95c0a71c980223a27719392ba75) + `readable-stream@2.2.6` ([@mcollina](https://github.com/mcollina)) +* [`30357ebc5`](https://github.com/npm/npm/commit/30357ebc5691d7c9e9cdc6e0fe7dc6253220c9c2) + `which@1.2.14` ([@isaacs](https://github.com/isaacs)) + +### v4.4.4 (2017-03-16) + +😩😤😅 Okay! We have another `next` +release for ya today. So, yes! With v4.4.3 we fixed the bug that made +bundled scoped modules uninstallable. But somehow I overlooked the fact +that we: A) were using these and B) that made upgrading to v4.4.3 impossible. 😭 + +So I've renamed those two scoped modules to no longer use scopes and we now +have a shiny new test to ensure that scoped modules don't creep into our +transitive deps and make it impossible to upgrade to `npm`. + +(None of our woes applies to most of you all because most of you all don't +use bundled dependencies. `npm` does because we want the published artifact to be +installable without having to already have `npm`.) + +* [`2a7409fcb`](https://github.com/npm/npm/commit/2a7409fcba6a8fab716c80f56987b255983e048e) + [#16066](https://github.com/npm/npm/pull/16066) + Ensure we aren't using any scoped modules + Because `npm`s prior 4.4.3 can't install dependencies that have bundled scoped + modules. This didn't show up sooner because they ALSO had a bug that caused + bundled scoped modules to not be included in the bundle. + ([@iarna](https://github.com/iarna)) +* [`eb4c70796`](https://github.com/npm/npm/commit/eb4c70796c38f24ee9357f5d4a0116db582cc7a9) + [#16066](https://github.com/npm/npm/pull/16066) + Switch to move-concurrently to remove scoped dependency + ([@iarna](https://github.com/iarna)) + +### v4.4.3 (2017-03-15) + +This is a small patch release, mostly because the published tarball for +v4.4.2 was missing a couple of modules, due to a bug involving scoped +modules, bundled dependencies and legacy tree layouts. + +There are a couple of other things here that happened to be ready to go. So +without further ado… + +#### BUG FIXES + +* [`3d80f8f70`](https://github.com/npm/npm/commit/3d80f8f70679ad2b8ce7227d20e8dbce257a47b9) + [npm/fs-vacuum#6](https://github.com/npm/fs-vacuum/pull/6) + `fs-vacuum@1.2.1`: Make sure we never, ever remove home directories. Previously if your + home directory was entirely empty then we might `rmdir` it. + ([@helio-frota](https://github.com/helio-frota)) +* [`1af85ca9f`](https://github.com/npm/npm/commit/1af85ca9f4d625f948e85961372de7df3f3774e2) + [#16040](https://github.com/npm/npm/pull/16040) + Fix bug where bundled transitive dependencies that happened to be + installed under bundled scoped dependencies wouldn't be included in the + tarball when building a package. + ([@iarna](https://github.com/iarna)) +* [`13c7fdc2e`](https://github.com/npm/npm/commit/13c7fdc2e87456a87b1c9385a3daeae228ed7c95) + [#16040](https://github.com/npm/npm/pull/16040) + Fix a bug where bundled scoped dependencies couldn't be extracted. + ([@iarna](https://github.com/iarna)) +* [`d6cde98c2`](https://github.com/npm/npm/commit/d6cde98c2513fe160eab41e31c3198dfde993207) + [#16040](https://github.com/npm/npm/pull/16040) + Stop printing `ENOENT` errors more than once. + ([@iarna](https://github.com/iarna)) +* [`722fbf0f6`](https://github.com/npm/npm/commit/722fbf0f6cf4413cdc24b610bbd60a7dbaf2adfe) + [#16040](https://github.com/npm/npm/pull/16040) + Rewrite the `extract` action for greater clarity. + Specifically, this involves moving things around structurally to do the same + thing [`d0c6d194`](https://github.com/npm/npm/commit/d0c6d194) did, but in a more comprehensive manner. + This also fixes a long standing bug where errors from the move step would be + eaten during this phase and as a result we would get mysterious crashes in + the finalize phase when finalize tried to act on them. + ([@iarna](https://github.com/iarna)) +* [`6754dabb6`](https://github.com/npm/npm/commit/6754dabb6bd3301504efb3b62f36d3fe70958c19) + [#16040](https://github.com/npm/npm/pull/16040) + Flatten out `@npmcorp/move`'s deps for backwards compatibility reasons. Versions prior to this + one will fail to install any package that bundles a scoped dependency. This was responsible + for `ENOENT` errors during the `finalize` phase. + ([@iarna](https://github.com/iarna)) + +#### DOC UPDATES + +* [`fba51c582`](https://github.com/npm/npm/commit/fba51c582d1d08dd4aa6eb27f9044dddba91bb18) + [#15960](https://github.com/npm/npm/pull/15960) + Update troubleshooting and contribution guide links. + ([@watilde](https://github.com/watilde)) + + +### v4.4.2 (2017-03-09): + +This week, the focus on the release was mainly going through [all of npm's deps +that we manage +ourselves](https://github.com/npm/npm/wiki/npm-maintained-dependencies), and +making sure all their PRs and versions were up to date. That means there's a few +fixes here and there. Nothing too big codewise, though. + +The most exciting part of this release is probably our [shiny new +Contributing](https://github.com/npm/npm/blob/latest/CONTRIBUTING.md) and +[Troubleshooting](https://github.com/npm/npm/blob/latest/TROUBLESHOOTING.md) +docs! [@snopeks](https://github.com/snopeks) did some ✨fantastic✨ work hashing it +out, and we're really hoping this is a nice big step towards making contributing +to npm easier. The troubleshooting doc will also hopefully solve common issues +for people! Do you think something is missing from it? File a PR and we'll add +it! The current document is just a baseline for further editing and additions. + +Also there's maybe a bit of an easter egg in this release. 'Cause those are fun and I'm a huge nerd. 😉 + +#### DOCUMENTATION AHOY + +* [`07e997a`](https://github.com/npm/npm/commit/07e997a7ecedba7b29ad76ffb2ce990d5c0200fc) + [#15756](https://github.com/npm/npm/pull/15756) + Overhaul `CONTRIBUTING.md` and add new `TROUBLESHOOTING.md` files. 🙌🏼 + ([@snopeks](https://github.com/snopeks)) +* [`2f3e4b6`](https://github.com/npm/npm/commit/2f3e4b645cdc268889cf95ba24b2aae572d722ad) + [#15833](https://github.com/npm/npm/pull/15833) + Mention the [24-hour unpublish + policy](http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy) + on the main registry. + ([@carols10cents](https://github.com/carols10cents)) + +#### NOT REALLY FEATURES, NOT REALLY BUGFIXES. MORE LIKE TWEAKS? 🤔 + +* [`84be534`](https://github.com/npm/npm/commit/84be534aedb78c65cd8012427fc04871ceeccf90) + [#15888](https://github.com/npm/npm/pull/15888) + Stop flattening `ls`-tree output. From now on, deduped deps will be marked as + such in the place where they would've been before getting hoisted by the + installer. + ([@iarna](https://github.com/iarna)) +* [`e9a5dca`](https://github.com/npm/npm/commit/e9a5dca369ead646ab5922326cede1406c62bd3b) + [#15967](https://github.com/npm/npm/pull/15967) + Limit metadata fetches to 10 concurrent requests. + ([@iarna](https://github.com/iarna)) +* [`46aa9bc`](https://github.com/npm/npm/commit/46aa9bcae088740df86234fc199f7aef53b116df) + [#15967](https://github.com/npm/npm/pull/15967) + Limit concurrent installer actions to 10. + ([@iarna](https://github.com/iarna)) + +#### BUGFIXES + +* [`c3b994b`](https://github.com/npm/npm/commit/c3b994b71565eb4f943cce890bb887d810e6e2d4) + [#15901](https://github.com/npm/npm/pull/15901) + Use EXDEV aware move instead of rename. This will allow moving across devices + and moving when filesystems don't support renaming directories full of files. It might make folks using Docker a bit happier. + ([@iarna](https://github.com/iarna)) +* [`0de1a9c`](https://github.com/npm/npm/commit/0de1a9c1db90e6705c65c068df1fe82899e60d68) + [#15735](https://github.com/npm/npm/pull/15735) + Autocomplete support for npm scripts with `:` colons in the name. + ([@beyondcompute](https://github.com/beyondcompute)) +* [`84b0b92`](https://github.com/npm/npm/commit/84b0b92e7f78ec4add42e8161c555325c99b7f98) + [#15874](https://github.com/npm/npm/pull/15874) + Stop using [undocumented](https://github.com/nodejs/node/pull/11355) + `res.writeHeader` alias for `res.writeHead`. + ([@ChALkeR](https://github.com/ChALkeR)) +* [`895ffe4`](https://github.com/npm/npm/commit/895ffe4f3eecd674796395f91c30eda88aca6b36) + [#15824](https://github.com/npm/npm/pull/15824) + Fix empty versions column in `npm search` output. + ([@bcoe](https://github.com/bcoe)) +* [`38c8d7a`](https://github.com/npm/npm/commit/38c8d7adc1f43ab357d1e729ae7cd5d801a26e68) + `init-package-json@1.9.5`: [npm/init-package-json#61](https://github.com/npm/init-package-json/pull/61) Exclude existing `devDependencies` from being added to `dependencies`. Fixes [#12260](https://github.com/npm/npm/issues/12260). + ([@addaleax](https://github.com/addaleax)) + +### v4.4.1 (2017-03-06): + +This is a quick little patch release to forgo the update notification +checker if you're on an unsuported (but not otherwise broken) version of +Node.js. Right now that means 0.10 or 0.12. + +* [`56ac249`](https://github.com/npm/npm/commit/56ac249ef8ede1021f1bc62a0e4fe1e9ba556af2) + [#15864](https://github.com/npm/npm/pull/15864) + Only use `update-notifier` on supported versions. + ([@legodude17](https://github.com/legodude17)) + +### v4.4.0 (2017-02-23): + +Aaaah, [@iarna](https://github.com/iarna) here, it's been a little while +since I did one of these! This is a nice little release, we've got an +update notifier, vastly less verbose error messages, new warnings on package +metadata that will probably give you a bad day, and a sprinkling of bug +fixes. + +#### UPDATE NOTIFICATIONS + +We now have a little nudge to update your `npm`, courtesy of +[update-notifier](https://www.npmjs.com/package/update-notifier). + +* [`148ee66`](https://github.com/npm/npm/commit/148ee663740aa05877c64f16cdf18eba33fbc371) + [#15774](https://github.com/npm/npm/pull/15774) + `npm` will now check at start up to see if a newer version is available. + It will check once a day. If you want to disable this, set `optOut` to `true` in + `~/.config/configstore/update-notifier-npm.json`. + ([@ceejbot](https://github.com/ceejbot)) + +#### LESS VERBOSE ERROR MESSAGES + +`npm` has, for a long time, had very verbose error messages. There was a +lot of info in there, including the cause of the error you were seeing but +without a lot of experience reading them pulling that out was time consuming +and difficult. + +With this change the output is cut down substantially, centering the error +message. So, for example if you try to `npm run sdlkfj` then the entire +error you'll get will be: + +``` +npm ERR! missing script: sldkfj + +npm ERR! A complete log of this run can be found in: +npm ERR! /Users/rebecca/.npm/_logs/2017-02-24T00_41_36_988Z-debug.log +``` + +The CLI team has discussed cutting this down even further and stripping the +`npm ERR!` prefix off those lines too. We'd appreciate your feedback on +this! + +* [`e544124`](https://github.com/npm/npm/commit/e544124592583654f2970ec332003cfd00d04f2b) + [#15716](https://github.com/npm/npm/pull/15716) + Make error output less verbose. + ([@iarna](https://github.com/iarna)) +* [`166bda9`](https://github.com/npm/npm/commit/166bda97410d0518b42ed361020ade1887e684af) + [#15716](https://github.com/npm/npm/pull/15716) + Stop encouraging users to visit the issue tracker unless we know for + certain that it's an npm bug. + ([@iarna](https://github.com/iarna)) + +#### OTHER NEW FEATURES + +* [`53412eb`](https://github.com/npm/npm/commit/53412eb22c1c75d768e30f96d69ed620dfedabde) + [#15772](https://github.com/npm/npm/pull/15772) + We now warn if you have a module listed in both dependencies and + devDependencies. + ([@TedYav](https://github.com/TedYav)) +* [`426b180`](https://github.com/npm/npm/commit/426b1805904a13bdc5c0dd504105ba037270cbee) + [#15757](https://github.com/npm/npm/pull/15757) + Default reporting metrics to default registry. Previously it defaulted to using + `https://registry.npmjs.org`, now it will default to the result of + `npm config get registry`. For most folks this won't actually change anything, but it + means that folks who use a private registry will have metrics routed there by default. + This has the potential to be interesting because it means that in the + future private registry products ([npme](https://npme.npmjs.com/docs/)!) + will be able to report on these metrics. + ([@iarna](https://github.com/iarna)) + +#### BUG FIXES + +* [`8ea0de9`](https://github.com/npm/npm/commit/8ea0de98563648ba0db032acd4d23d27c4a50a66) + [#15716](https://github.com/npm/npm/pull/15716) + Write logs for `cb() never called` errors. +* [`c4e83dc`](https://github.com/npm/npm/commit/c4e83dca830b24305e3cb3201a42452d56d2d864) + Make it so that errors while reading the existing node_modules tree can't + result in installer crashes. + ([@iarna](https://github.com/iarna)) +* [`2690dc2`](https://github.com/npm/npm/commit/2690dc2684a975109ef44953c2cf0746dbe343bb) + Update `npm doctor` to not treat broken symlinks in your global modules as + a permission failure. This is particularly important if you link modules and your text + editor uses the convention of creating symlinks from `.#filename.js` to a + machine name and pid to lock files (eg emacs and compatible things). + ([@iarna](https://github.com/iarna)) +* [`f4c3f48`](https://github.com/npm/npm/commit/f4c3f489aa5787cf0d60e8436be2190e4b0d0ff7) + [#15777](https://github.com/npm/npm/pull/15777) + Not exactly a bug, but change a parameterless `.apply` to `.call`. + ([@notarseniy](https://github.com/notarseniy)) + +#### DEPENDENCY UPDATES + +* [`549dcff`](https://github.com/npm/npm/commit/549dcff58c7aaa1e7ba71abaa14008fdf2697297) + `rimraf@2.6.0`: + Retry EBUSY, ENOTEMPTY and EPERM on non-Windows platforms too. + More reliable `rimraf.sync` on Windows. + ([@isaacs](https://github.com/isaacs)) +* [`052dfb6`](https://github.com/npm/npm/commit/052dfb623da508f2b5f681da0258125552a18a4a) + `validate-npm-package-name@3.0.0`: + Remove ableist language in README. + Stop allowing ~'!()* in package names. + ([@tomdale](https://github.com/tomdale)) + ([@chrisdickinson](https://github.com/chrisdickinson)) +* [`6663ea6`](https://github.com/npm/npm/commit/6663ea6ac0f0ecec5a3f04a3c01a71499632f4dc) + `abbrev@1.1.0` ([@isaacs](https://github.com/isaacs)) +* [`be6de9a`](https://github.com/npm/npm/commit/be6de9aab9e20b6eac70884e8626161eebf8721a) + `opener@1.4.3` ([@dominic](https://github.com/dominic)) +* [`900a5e3`](https://github.com/npm/npm/commit/900a5e3e3411ec221306455f99b24b9ce35757c0) + `readable-stream@2.2.3` ([@RangerMauve](https://github.com/RangerMauve)) ([@mcollina](https://github.com/mcollina)) +* [`c972a8b`](https://github.com/npm/npm/commit/c972a8b0f20a61a79c45b6642f870bea8c55c7e4) + `tacks@1.2.6` + ([@iarna](https://github.com/iarna)) +* [`85a36ef`](https://github.com/npm/npm/commit/85a36efdac0c24501876875cb9ad40292024e0b0) + [`7ac9265`](https://github.com/npm/npm/commit/7ac9265c56b4d9eeaca6fcfb29513f301713e7bb) + `tap@10.2.0` + ([@isaacs](https://github.com/saacs)) + +### v4.3.0 (2017-02-09): + +Yay! Release time! It's a rainy day, and we have another smallish release for +y'all. These things are not necessarily related. Or are they 🌧🤔 + +As far as news go, you may have noticed that the CLI team dropped support for +`node@0.12` when that version went out of maintenance. Still, we've avoided +explicitly breaking it and `node@0.10` so far -- but not much longer. + +Sometime soon, the CLI team plans on switching over to language features only +available as of `node@4 LTS`, and will likely start dropping old versions of node +as they go out of maintenance. The new features are exciting! We're really +looking forward to using them in the core CLI (and its dependencies) as we keep up +with our current feature work. + +And speaking of features, this release is a minor bump due to a small change in +how `npm login` works for the sake of supporting OAuth-based login for npm +Enterprise users. But we won't leave the rest of y'all out -- we're working on a +larger version of this feature. Soon enough, you'll be able to log in to npm +with, say, GitHub -- and use some shiny features that come from the integration. +Or turn on 2FA and other such security features. Keep your eyes peeled for new +on this in the next few releases and our weekly newsletter! + +#### NEW AUTH TYPES + +There's a new command line option: `--auth-type`, which can be used to log in to +a supporting registry with OAuth2 or SAML. The current implementation is mainly +meant to support npmE customers, so if you're one of those: ask us about using +it! If not, just hold off cause we'll have a much more complete version of this +feature out soon. + +* [`ac8595e`](https://github.com/npm/npm/commit/ac8595e3c9b615ff95abc3301fac1262c434792c) [`bcf2dd8`](https://github.com/npm/npm/commit/bcf2dd8a165843255c06515fa044c6e4d3b71ca4) [`9298d20`](https://github.com/npm/npm/commit/9298d20af58b92572515bfa9cf7377bd4221dc7d) [`66b61bc`](https://github.com/npm/npm/commit/66b61bc42e81ee8a1ee00fc63517f62284140688) [`dc85de7`](https://github.com/npm/npm/commit/dc85de7df6bb61f7788611813ee82ae695a18f1f) + [#13389](https://github.com/npm/npm/pull/13389) + Implement single-sign-on support with `--auth-type` option. + ([@zkat](https://github.com/zkat)) + +#### FASTER STARTUP. SOMETIMES! + +`request` is pretty heavy. And it loads a bunch of things. It's actually a +pretty big chunk of npm's load time. This small patch by Rebecca will make it so +npm only loads that module when we're actually intending to make network +requests. Those of you who use npm commands that run offline might see a small +speedup in startup time. + +* [`ac73568`](https://github.com/npm/npm/commit/ac735682e666e8724549d56146821f3b8b018e25) + [#15631](https://github.com/npm/npm/pull/15631) + Lazy load `caching-registry-client`. + ([@iarna](https://github.com/iarna)) + +#### DOCUMENTATION + +* [`4ad9247`](https://github.com/npm/npm/commit/4ad9247aa82f7553c9667ee93c74ec7399d6ceec) + [#15630](https://github.com/npm/npm/pull/15630) + Fix formatting/rendering for root npm README. + ([@ungoldman](https://github.com/ungoldman)) + +#### DEPENDENCY UPDATES + +* [`8cc1112`](https://github.com/npm/npm/commit/8cc1112958638ff88ac2c24c4a065acacb93d64b) + [npm/hosted-git-info#21](https://github.com/npm/hosted-git-info/pull/21) + `hosted-git-info@2.2.0`: + Add support for `.tarball()` URLs. + ([@zkat](https://github.com/zkat)) +* [`6eacc1b`](https://github.com/npm/npm/commit/6eacc1bc1925fe3cc79fc97bdc3194d944fce55e) + `npm-registry-mock@1.1.0` + ([@addaleax](https://github.com/addaleax)) +* [`a9b6d77`](https://github.com/npm/npm/commit/a9b6d775e61cf090df0e13514c624f99bf31d1e7) + `aproba@1.1.1` + ([@iarna](https://github.com/iarna)) + ### v4.2.0 (2017-01-26): Hi all! I'm Kat, and I'm currently sitting in a train traveling at ~300km/h diff --git a/deps/npm/CONTRIBUTING.md b/deps/npm/CONTRIBUTING.md index 73049a495e1f7a..9fb7853af86ea3 100644 --- a/deps/npm/CONTRIBUTING.md +++ b/deps/npm/CONTRIBUTING.md @@ -1,12 +1,82 @@ -## Before you submit a new issue - -* Check if there's a simple solution in the - [Troubleshooting](https://github.com/npm/npm/wiki/Troubleshooting) - wiki. -* [Search for similar - issues](https://github.com/npm/npm/search?q=Similar%20issues&type=Issues). -* Ensure your new issue conforms to the [Contributing - Guidelines](https://github.com/npm/npm/wiki/Contributing-Guidelines). - -Participation in this open source project is subject to the [npm Code -of Conduct](http://www.npmjs.com/policies/conduct). +# npm CLI Contributor Roles and Responsibilities + +## Table of Contents + +* [Introduction](#introduction) +* [Roles](#roles) + * [Community Members](#community-members) + * [Collaborators](#collaborators) + * [npm, Inc Employeees](#npm-inc-employees) + + +## Introduction + +Welcome to the npm CLI Contributor Guide! This document outlines the npm CLI repository's process for community interaction and contribution. This includes the issue tracker, pull requests, wiki pages, and, to a certain extent, outside communication in the context of the npm CLI. It defines roles, responsibilities, and procedures, and is an entry point for anyone wishing to contribute their time and effort to making npm a better tool for the JavaScript community! + +All interactions in the npm repository are covered by the [npm Code of Conduct](https://www.npmjs.com/policies/conduct) + +## Roles + +There are three main roles for people participating in the npm issue tracker. Each has a specific set of abilities and responsibilities: [Community members](#community-members), [Collaborators](#collaborators), and [npm, Inc employees](#npm-inc-employees). + +Failure to comply with the expected responsibilities of each role, or violating the Code of Conduct will result in punitive action relative to the transgression, ranging from a warning to full removal from the project, at the discretion of npm employees. + +### Community Members + +This includes anyone who may show up to the npm/npm repo with issues, PRs, comments etc. They may not have any other involvement with npm. + +#### Abilities + +* Open issues and PRs +* Comment on issues and PRs + +#### Responsibilities + +* Comment on issues when they have a reference to the answer. +* If community members aren't sure they are correct and don't have a reference to the answer, please leave the issue and try another one. +* Defer to collaborators and npm employees for answers. +* Make sure to search for [the troubleshooting doc](./TROUBLESHOOTING.md) and search on the issue tracker for similar issues before opening a new one. +* Any users with urgent support needs are welcome to email support@npmjs.com, and our dedicated support team will be happy to help. + +PLEASE don't @ collaborators or npm employees on issues. The CLI team is small, and has many outstanding commitments to fulfill. + +### Collaborators + +These are folks who have the ability to label and close issues. The role of collaborators may expand over time, but for now it is a limited (& important) role. This is an excellent way to contribute to npm without writing code. + +Community members may become collaborators by showing consistent, proven track record of quality contributions to the project, a reasonable level of proficiency with the CLI, and regular participation through the tracker and other related mediums, including regular contact with the CLI team itself. This role entails a higher level of responsibility than community member, so we ask for a higher level of understanding and commitment. + +Collaborators who become inactive for 3 months or longer may have their collaborator privileges removed until they are ready to return. + +#### Abilities + +* Label/triage new issues +* Respond to ongoing issues +* Close resolved issues. + +#### Responsibilities + +* Only answer questions when they know the answer, and provide a reference to the answer. +* If collaborators aren't totally confident about their answer, please leave the issue and try another one. +* If they've responded to an issue, it becomes their responsibility to see it to resolution. +* Close issues if there's no response within a month. +* Defer to fellow Collaborators & npm employees for answers (Again, please don't @ collaborators or npm employees, thank you!) +* Make sure to search for [the troubleshooting doc](./TROUBLESHOOTING.md) and search on the issue tracker for similar issues before opening a new one. + +### npm, Inc Employees + +Folks who work at npm, Inc, who have a responsibility to ensure the stability and functionality of the tools npm offers. + +#### Abilities +* Label/triage new issues +* Respond to ongoing issues +* Close resolved issues +* Land PRs + +Please note that this is a living document, and the CLI team will put up PRs to it as needed. + +#### Responsibilities + +* Preserve and promote the health of the CLI, the registry, the website, etc. + +In special cases, [Collaborators](#collaborators) may request time to speak with an npm employee directly, by contacting them and coordinating a time/place. diff --git a/deps/npm/README.md b/deps/npm/README.md index 2237414a5457f0..1ba66e46ae59ec 100644 --- a/deps/npm/README.md +++ b/deps/npm/README.md @@ -1,6 +1,8 @@ npm(1) -- a JavaScript package manager ============================== + [![Build Status](https://img.shields.io/travis/npm/npm/latest.svg)](https://travis-ci.org/npm/npm) + ## SYNOPSIS This is just enough info to get you up and running. @@ -86,7 +88,7 @@ experience if you run a recent version of npm. To upgrade, either use [Microsoft upgrade tool](https://github.com/felixrieseberg/npm-windows-upgrade), [download a new version of Node](https://nodejs.org/en/download/), or follow the Windows upgrade instructions in the -[npm Troubleshooting Guide](https://github.com/npm/npm/wiki/Troubleshooting#upgrading-on-windows). +[npm Troubleshooting Guide](./TROUBLESHOOTING.md). If that's not fancy enough for you, then you can fetch the code with git, and mess with it directly. diff --git a/deps/npm/TROUBLESHOOTING.md b/deps/npm/TROUBLESHOOTING.md new file mode 100644 index 00000000000000..0320075c512a21 --- /dev/null +++ b/deps/npm/TROUBLESHOOTING.md @@ -0,0 +1,192 @@ +# Troubleshooting Common Issues + +## Using this Document + +Search for the error message you're getting and see if there's a match, or skim the [table of contents](#table-of-contents) below for topics that seem relevant to the issue you're having. Each issue section has steps to work around or fix the particular issue, and have examples of common error messages. + +If you do not find the issue below, try searching the issue tracker itself for potential duplicates before opening a new issue. + +If you're reading this document because you noticed an issue with npm's web site, please let the [web team](https://github.com/npm/www/issues) know. + +### Updating this Document + +If you think something should be added here, make a PR that includes the following: + +0. a summary +0. one or more example errors +0. steps to debug and fix +0. links to at least one related issue from the tracker + +For more details of the content and formatting of these entries, refer to examples below. + +## Table of Contents + +* [Upgrading npm](#upgrading-npm) +* [Proxies and Networking](#proxy-and-networking-issues) +* [Cannot find module](#cannot-find-module) +* [Shasum Check Fails](#shasum-check-fails) +* [No Git](#no-git) + +## Upgrading npm + +Whenever you get npm errors, it's a good idea to first check your npm version and upgrade to latest whenever possible. We still see people running npm@1 (!) and in those cases, installing the latest version of npm usually solves the problem. + +You can check your npm version by running `npm -v`. + +### Steps to Fix +* Upgrading on \*nix (OSX, Linux, etc.) + +(You may need to prefix these commands with sudo, especially on Linux, or OS X if you installed Node using its default installer.) +You can upgrade to the latest version of npm using: +`npm install -g npm@latest` +Or upgrade to the most recent LTS release: +`npm install -g npm@lts` + +* Upgrading on Windows + +We have a [detailed guide](https://github.com/npm/npm/wiki/Troubleshooting#upgrading-on-windows) for upgrading on windows on our wiki. + +## Proxy and Networking Issues + +npm might not be able to connect to the registry for various reasons. Perhaps your machine is behind a firewall that needs to be opened, or you require a corporate proxy to access the npm registry. This issue can manifest in a wide number of different ways. Usually, strange network errors are an instance of this specific problem. + +Sometimes, users may have install failures due to Git/Github access issues. Git/GitHub access is separate from npm registry access. For users in some locations (India in particular), problems installing packages may be due to connectivity problems reaching GitHub and not the npm registry. + +If you believe your network is configured and working correctly, and you're still having problems installing, please let the [registry team](https://github.com/npm/registry/issues) know you're having trouble. + +### Steps to Fix + +0. Make sure you have a working internet connection. Can you reach https://registry.npmjs.org? Can you reach other sites? If other sites are unreachable, this is not a problem with npm. + +0. Check http://status.npmjs.org/ for any potential current service outages. + +0. If your company has a process for domain whitelisting for developers, make sure https://registry.npmjs.org is a whitelisted domain. + +0. If you're in China, consider using https://npm.taobao.org/ as a registry, which sits behind the Firewall. + +0. On Windows, npm does not access proxies configured at the system level, so you need to configure them manually in order for npm to access them. Make sure [you have added the appropriate proxy configuration to `.npmrc`](https://docs.npmjs.com/misc/config#https-proxy). + +0. If you already have a proxy configured, it might be configured incorrectly or use the wrong credentials. Verify your credentials, test the specific credentials with a separate application. + +0. The proxy itself, on the server, might also have a configuration error. In this case, you'll need to work with your system administrator to verify that the proxy, and HTTPS, are configured correctly. You may test it by running regular HTTPS requests. + +### Example Errors + +This error can manifest in a wide range of different ways: + +``` +npm ERR! code UNABLE_TO_VERIFY_LEAF_SIGNATURE +npm ERR! unable to verify the first certificate +``` +``` +npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY +npm ERR! unable to get local issuer certificate +``` +``` +npm ERR! code DEPTH_ZERO_SELF_SIGNED_CERT +npm ERR! self signed certificate +``` +``` +124 error code ECONNREFUSED +125 error errno ECONNREFUSED +126 error syscall connect +``` +``` +136 error Unexpected token < +136 error +136 error +136 error ERROR: Cache Access Denied +``` +``` +31 verbose stack Error: connect ETIMEDOUT 123.123.123.123:443 +``` +``` +108 error code EAI_AGAIN +109 error errno EAI_AGAIN +110 error syscall getaddrinfo +111 error getaddrinfo EAI_AGAIN proxy.yourcorp.com:811 +``` +``` +npm ERR! Error: getaddrinfo ESRCH +npm ERR! at errnoException (dns.js:37:11) +npm ERR! at Object.onanswer as oncomplete +``` +``` +35 error Unexpected token u +35 error function FindProxyForURL(url, host) { +``` + +### Related issues +* [#14318](https://github.com/npm/npm/issues/14318) +* [#15059](https://github.com/npm/npm/issues/15059) +* [#14336](https://github.com/npm/npm/issues/14336) + +## Cannot find module + +If *when running npm* (not your application), you get an error about a module not being found, this almost certainly means that there's something wrong with your npm installation. + +If this happens when trying to start your application, you might not have installed your package's dependencies yet. + +### Steps to Fix + +0. If this happens when you try to start your application, try running `npm install` to install the app's dependencies. Make sure all its actual dependencies are listed in `package.json` + +0. If this happens on any npm command, please reinstall. + +### Examples + +``` +module.js:338 + throw err; + ^ +Error: Cannot find module +``` +### Related Issues + +* [#14699](https://github.com/npm/npm/issues/14699) + +## Shasum Check Fails + +This is a common issue which used to be caused by caching issues. Nowadays, the cache has been improved, so it's likely to be an install issue, which can be caused by network problems (sometimes even [proxy issues](#proxy-and-networking-issues)), a node bug, or possibly some sort of npm bug. + +### Steps to Fix + +0. Try running `npm install` again. It may have been a momentary hiccup or corruption during package download. + +0. Check http://status.npmjs.org/ for any potential current service outages. + +0. If the shasum error specifically has `Actual: da39a3ee5e6b4b0d3255bfef95601890afd80709`, with this exact shasum, it means the package download was empty, which is certainly a networking issue. + +0. Make sure your [network connection and proxy settings](#proxy-and-networking-issues) are ok. + +0. Update your node version to the latest stable version. + +### Examples + +``` +npm ERR! shasum check failed for C:\Users\some-user\AppData\Local\Temp\npm-9356-7 +d74e411\registry.npmjs.org\some-package\-\some-package-1.0.0.tgz +npm ERR! Expected: 652294c14651db29fa93bd2d5ff2983a4f08c636 +npm ERR! Actual: c45474b40e6a7474633ec6f2b0315feaf15c61f2 +npm ERR! From: https://registry.npmjs.org/some-package/-/some-package-1.0.0.tgz +``` + +### Related Issues +* [#14720](https://github.com/npm/npm/issues/14720) +* [#13405](https://github.com/npm/npm/issues/13405) + +## No Git +If your install fails and you see a message saying you don't have git installed, it should be resolved by installing git. + +### Steps to Fix + +0. [Install git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) following the instructions for your machine. + +### Examples + +npm ERR! not found: git +ENOGIT + +### Related Issues + +* [#11095](https://github.com/npm/npm/issues/11095) diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js index 8c8fa8031efe3b..14937d64f2bc02 100755 --- a/deps/npm/bin/npm-cli.js +++ b/deps/npm/bin/npm-cli.js @@ -25,10 +25,17 @@ unsupported.checkForUnsupportedNode() + if (!unsupported.checkVersion(process.version).unsupported) { + var updater = require('update-notifier') + var pkg = require('../package.json') + updater({pkg: pkg}).notify({defer: true}) + } + var path = require('path') var npm = require('../lib/npm.js') var npmconf = require('../lib/config/core.js') var errorHandler = require('../lib/utils/error-handler.js') + var output = require('../lib/utils/output.js') var configDefs = npmconf.defs var shorthands = configDefs.shorthands @@ -74,6 +81,12 @@ conf._exit = true npm.load(conf, function (er) { if (er) return errorHandler(er) - npm.commands[npm.command](npm.argv, errorHandler) + npm.commands[npm.command](npm.argv, function (err) { + // https://www.youtube.com/watch?v=7nfPu8qTiQU + if (!err && npm.config.get('ham-it-up')) { + output('\n 🎵 I Have the Honour to Be Your Obedient Servant,🎵 ~ npm 📜🖋\n') + } + errorHandler.apply(this, arguments) + }) }) })() diff --git a/deps/npm/doc/cli/npm-adduser.md b/deps/npm/doc/cli/npm-adduser.md index 5a53bdd8e2e2ca..72433e00f74832 100644 --- a/deps/npm/doc/cli/npm-adduser.md +++ b/deps/npm/doc/cli/npm-adduser.md @@ -3,7 +3,7 @@ npm-adduser(1) -- Add a registry user account ## SYNOPSIS - npm adduser [--registry=url] [--scope=@orgname] [--always-auth] + npm adduser [--registry=url] [--scope=@orgname] [--always-auth] [--auth-type=legacy] aliases: login, add-user @@ -66,6 +66,15 @@ different hostnames. See `always-auth` in `npm-config(7)` for more details on always-auth. Registry-specific configuration of `always-auth` takes precedence over any global configuration. +### auth-type + +* Default: `'legacy'` +* Type: `'legacy'`, `'sso'`, `'saml'`, `'oauth'` + +What authentication strategy to use with `adduser`/`login`. Some npm registries +(for example, npmE) might support alternative auth strategies besides classic +username/password entry in legacy npm. + ## SEE ALSO * npm-registry(7) diff --git a/deps/npm/doc/cli/npm-unpublish.md b/deps/npm/doc/cli/npm-unpublish.md index 0a5731ee1dbc24..8ee07dfd812f63 100644 --- a/deps/npm/doc/cli/npm-unpublish.md +++ b/deps/npm/doc/cli/npm-unpublish.md @@ -27,6 +27,11 @@ Even if a package version is unpublished, that specific name and version combination can never be reused. In order to publish the package again, a new version number must be used. +With the default registry (`registry.npmjs.org`), unpublish is +only allowed with versions published in the last 24 hours. If you +are trying to unpublish a version published longer ago than that, +contact support@npmjs.com. + The scope is optional and follows the usual rules for `npm-scope(7)`. ## SEE ALSO diff --git a/deps/npm/doc/misc/npm-config.md b/deps/npm/doc/misc/npm-config.md index cafbedf53210a0..463e6f192f53b2 100644 --- a/deps/npm/doc/misc/npm-config.md +++ b/deps/npm/doc/misc/npm-config.md @@ -137,6 +137,13 @@ even for `GET` requests. When "dev" or "development" and running local `npm shrinkwrap`, `npm outdated`, or `npm update`, is an alias for `--dev`. +### auth-type + +* Default: `'legacy'` +* Type: `'legacy'`, `'sso'`, `'saml'`, `'oauth'` + +What authentication strategy to use with `adduser`/`login`. + ### bin-links * Default: `true` @@ -609,7 +616,7 @@ Any "%s" in the message will be replaced with the version number. ### metrics-registry -* Default: "https://registry.npmjs.org/" +* Default: The value of `registry` (which defaults to "https://registry.npmjs.org/") * Type: String The registry you want to send cli metrics to if `send-metrics` is true. @@ -904,6 +911,21 @@ using `-s` to add a signature. Note that git requires you to have set up GPG keys in your git configs for this to work properly. +### sso-poll-frequency + +* Default: 500 +* Type: Number + +When used with SSO-enabled `auth-type`s, configures how regularly the registry +should be polled while the user is completing authentication. + +### sso-type + +* Default: 'oauth' +* Type: 'oauth', 'saml', or null + +If `--auth-type=sso`, the type of SSO type to use. + ### strict-ssl * Default: true diff --git a/deps/npm/html/doc/README.html b/deps/npm/html/doc/README.html index c471072b8cfe2b..d735088d4756c0 100644 --- a/deps/npm/html/doc/README.html +++ b/deps/npm/html/doc/README.html @@ -62,7 +62,7 @@

Windows Install or Upgrade

upgrade tool, download a new version of Node, or follow the Windows upgrade instructions in the -npm Troubleshooting Guide.

+npm Troubleshooting Guide.

If that's not fancy enough for you, then you can fetch the code with git, and mess with it directly.

Installing on Cygwin

@@ -126,5 +126,5 @@

SEE ALSO

       - + diff --git a/deps/npm/html/doc/cli/npm-access.html b/deps/npm/html/doc/cli/npm-access.html index 178d8d462db276..31fee57e6e0733 100644 --- a/deps/npm/html/doc/cli/npm-access.html +++ b/deps/npm/html/doc/cli/npm-access.html @@ -84,5 +84,5 @@

SEE ALSO

       - + diff --git a/deps/npm/html/doc/cli/npm-adduser.html b/deps/npm/html/doc/cli/npm-adduser.html index 381f3512965b40..5870752a625988 100644 --- a/deps/npm/html/doc/cli/npm-adduser.html +++ b/deps/npm/html/doc/cli/npm-adduser.html @@ -11,7 +11,7 @@

npm-adduser

Add a registry user account

SYNOPSIS

-
npm adduser [--registry=url] [--scope=@orgname] [--always-auth]
+
npm adduser [--registry=url] [--scope=@orgname] [--always-auth] [--auth-type=legacy]
 
 aliases: login, add-user
 
DESCRIPTION

@@ -52,6 +52,14 @@ 
always-auth

 different hostnames. See always-auth in npm-config(7) for more details on
 always-auth. Registry-specific configuration of always-auth takes precedence
 over any global configuration.

+
auth-type

+
    
+
  • Default: 'legacy'
    • 
+
  • Type: 'legacy', 'sso', 'saml', 'oauth'
    • 
+

+
What authentication strategy to use with adduser/login. Some npm registries
+(for example, npmE) might support alternative auth strategies besides classic
+username/password entry in legacy npm.

 
SEE ALSO