Skip to content
Permalink
Browse files
deps: upgrade npm to 8.19.1
PR-URL: #44486
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
  • Loading branch information
npm-cli-bot authored and RafaelGSS committed Sep 7, 2022
1 parent 807b1e5 commit cf19a79dfc8c299fbcce739e1cdb3b9bc94d7a22
Show file tree
Hide file tree
Showing 188 changed files with 1,890 additions and 1,304 deletions.
@@ -35,29 +35,28 @@ For all of the subcommands, `npm access` will perform actions on the packages
in the current working directory if no package name is passed to the
subcommand.
* public / restricted:
* public / restricted (deprecated):
Set a package to be either publicly accessible or restricted.
* grant / revoke:
* grant / revoke (deprecated):
Add or remove the ability of users and teams to have read-only or read-write
access to a package.
* 2fa-required / 2fa-not-required:
* 2fa-required / 2fa-not-required (deprecated):
Configure whether a package requires that anyone publishing it have two-factor
authentication enabled on their account.
* ls-packages:
* ls-packages (deprecated):
Show all of the packages a user or a team is able to access, along with the
access level, except for read-only public packages (it won't print the whole
registry listing)
* ls-collaborators:
* ls-collaborators (deprecated):
Show all of the access privileges for a package. Will only show permissions
for packages to which you have at least read access. If `<user>` is passed in,
the list is filtered only to teams _that_ user happens to belong to.
* edit:
Set the access privileges for a package at once using `$EDITOR`.
* edit (not implemented)
### Details
@@ -232,4 +232,4 @@ This value is not exported to the environment for child processes.
<!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
## See Also
* [dependency selector](/using-npm/dependency-selector)
* [dependency selectors](/using-npm/dependency-selectors)
@@ -91,6 +91,34 @@ consistent across updates. Set fields in here using the `./configure`
script that comes with npm. This is primarily for distribution maintainers
to override default configs in a standard and consistent manner.

### Auth related configuration

The settings `_auth`, `_authToken`, `username` and `_password` must all be
scoped to a specific registry. This ensures that `npm` will never send
credentials to the wrong host.

In order to scope these values, they must be prefixed by a URI fragment.
If the credential is meant for any request to a registry on a single host,
the scope may look like `//registry.npmjs.org/:`. If it must be scoped to a
specific path on the host that path may also be provided, such as
`//my-custom-registry.org/unique/path:`.

```
; bad config
_authToken=MYTOKEN
; good config
@myorg:registry=https://somewhere-else.com/myorg
@another:registry=https://somewhere-else.com/another
//registry.npmjs.org/:_authToken=MYTOKEN
; would apply to both @myorg and @another
; //somewhere-else.com/:_authToken=MYTOKEN
; would apply only to @myorg
//somewhere-else.com/myorg/:_authToken=MYTOKEN1
; would apply only to @another
//somewhere-else.com/another/:_authToken=MYTOKEN2
```

### See also

* [npm folders](/configuring-npm/folders)
@@ -144,7 +144,7 @@ const arb = new Arborist({})

```js
// root-level
arb.loadActual((tree) => {
arb.loadActual().then(async (tree) => {
// query all production dependencies
const results = await tree.querySelectorAll('.prod')
console.log(results)
@@ -153,7 +153,7 @@ arb.loadActual((tree) => {

```js
// iterative
arb.loadActual((tree) => {
arb.loadActual().then(async (tree) => {
// query for the deduped version of react
const results = await tree.querySelectorAll('#react:not(:deduped)')
// query the deduped react for git deps
@@ -169,34 +169,33 @@ <h3 id="description">Description</h3>
subcommand.</p>
<ul>
<li>
<p>public / restricted:
<p>public / restricted (deprecated):
Set a package to be either publicly accessible or restricted.</p>
</li>
<li>
<p>grant / revoke:
<p>grant / revoke (deprecated):
Add or remove the ability of users and teams to have read-only or read-write
access to a package.</p>
</li>
<li>
<p>2fa-required / 2fa-not-required:
<p>2fa-required / 2fa-not-required (deprecated):
Configure whether a package requires that anyone publishing it have two-factor
authentication enabled on their account.</p>
</li>
<li>
<p>ls-packages:
<p>ls-packages (deprecated):
Show all of the packages a user or a team is able to access, along with the
access level, except for read-only public packages (it won't print the whole
registry listing)</p>
</li>
<li>
<p>ls-collaborators:
<p>ls-collaborators (deprecated):
Show all of the access privileges for a package. Will only show permissions
for packages to which you have at least read access. If <code>&lt;user&gt;</code> is passed in,
the list is filtered only to teams <em>that</em> user happens to belong to.</p>
</li>
<li>
<p>edit:
Set the access privileges for a package at once using <code>$EDITOR</code>.</p>
<p>edit (not implemented)</p>
</li>
</ul>
<h3 id="details">Details</h3>
@@ -166,7 +166,7 @@ <h3 id="description">Description</h3>
the results to only the paths to the packages named. Note that nested
packages will <em>also</em> show the paths to the specified packages. For
example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
<pre lang="bash"><code>npm@8.18.0 /path/to/npm
<pre lang="bash"><code>npm@8.19.1 /path/to/npm
└─┬ init-package-json@0.0.4
└── promzard@0.1.5
</code></pre>
@@ -344,7 +344,7 @@ <h4 id="include-workspace-root"><code>include-workspace-root</code></h4>
<!-- raw HTML omitted -->
<h2 id="see-also">See Also</h2>
<ul>
<li><a href="../using-npm/dependency-selector.html">dependency selector</a></li>
<li><a href="../using-npm/dependency-selectors.html">dependency selectors</a></li>
</ul>
</div>

@@ -149,7 +149,7 @@ <h2 id="table-of-contents">Table of contents</h2>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<h3 id="version">Version</h3>
<p>8.18.0</p>
<p>8.19.1</p>
<h3 id="description">Description</h3>
<p>npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
@@ -142,7 +142,7 @@ <h1 id="npmrc">npmrc</h1>

<section id="table_of_contents">
<h2 id="table-of-contents">Table of contents</h2>
<div id="_table_of_contents"><ul><li><a href="#description">Description</a></li><li><a href="#files">Files</a></li><ul><li><a href="#comments">Comments</a></li><li><a href="#per-project-config-file">Per-project config file</a></li><li><a href="#per-user-config-file">Per-user config file</a></li><li><a href="#global-config-file">Global config file</a></li><li><a href="#built-in-config-file">Built-in config file</a></li></ul><li><a href="#see-also">See also</a></li></ul></div>
<div id="_table_of_contents"><ul><li><a href="#description">Description</a></li><li><a href="#files">Files</a></li><ul><li><a href="#comments">Comments</a></li><li><a href="#per-project-config-file">Per-project config file</a></li><li><a href="#per-user-config-file">Per-user config file</a></li><li><a href="#global-config-file">Global config file</a></li><li><a href="#built-in-config-file">Built-in config file</a></li></ul><li><a href="#auth-related-configuration">Auth related configuration</a></li><li><a href="#see-also">See also</a></li></ul></div>
</section>

<div id="_content"><h3 id="description">Description</h3>
@@ -204,6 +204,29 @@ <h4 id="built-in-config-file">Built-in config file</h4>
consistent across updates. Set fields in here using the <code>./configure</code>
script that comes with npm. This is primarily for distribution maintainers
to override default configs in a standard and consistent manner.</p>
<h3 id="auth-related-configuration">Auth related configuration</h3>
<p>The settings <code>_auth</code>, <code>_authToken</code>, <code>username</code> and <code>_password</code> must all be
scoped to a specific registry. This ensures that <code>npm</code> will never send
credentials to the wrong host.</p>
<p>In order to scope these values, they must be prefixed by a URI fragment.
If the credential is meant for any request to a registry on a single host,
the scope may look like <code>//registry.npmjs.org/:</code>. If it must be scoped to a
specific path on the host that path may also be provided, such as
<code>//my-custom-registry.org/unique/path:</code>.</p>
<pre><code>; bad config
_authToken=MYTOKEN

; good config
@myorg:registry=https://somewhere-else.com/myorg
@another:registry=https://somewhere-else.com/another
//registry.npmjs.org/:_authToken=MYTOKEN
; would apply to both @myorg and @another
; //somewhere-else.com/:_authToken=MYTOKEN
; would apply only to @myorg
//somewhere-else.com/myorg/:_authToken=MYTOKEN1
; would apply only to @another
//somewhere-else.com/another/:_authToken=MYTOKEN2
</code></pre>
<h3 id="see-also">See also</h3>
<ul>
<li><a href="../configuring-npm/folders.html">npm folders</a></li>
@@ -264,14 +264,14 @@ <h3 id="programmatic-usage">Programmatic Usage</h3>
const arb = new Arborist({})
</code></pre>
<pre lang="js"><code>// root-level
arb.loadActual((tree) =&gt; {
arb.loadActual().then(async (tree) =&gt; {
// query all production dependencies
const results = await tree.querySelectorAll('.prod')
console.log(results)
})
</code></pre>
<pre lang="js"><code>// iterative
arb.loadActual((tree) =&gt; {
arb.loadActual().then(async (tree) =&gt; {
// query for the deduped version of react
const results = await tree.querySelectorAll('#react:not(:deduped)')
// query the deduped react for git deps
@@ -5,6 +5,7 @@ const readPackageJson = require('read-package-json-fast')

const otplease = require('../utils/otplease.js')
const getIdentity = require('../utils/get-identity.js')
const log = require('../utils/log-shim.js')
const BaseCommand = require('../base-command.js')

const subcommands = [
@@ -19,6 +20,15 @@ const subcommands = [
'2fa-not-required',
]

const deprecated = [
'2fa-not-required',
'2fa-required',
'ls-collaborators',
'ls-packages',
'public',
'restricted',
]

class Access extends BaseCommand {
static description = 'Set access level on published packages'
static name = 'access'
@@ -78,6 +88,10 @@ class Access extends BaseCommand {
throw this.usageError(`${cmd} is not a recognized subcommand.`)
}

if (deprecated.includes(cmd)) {
log.warn('access', `${cmd} subcommand will be removed in the next version of npm`)
}

return this[cmd](args, {
...this.npm.flatOptions,
})
@@ -175,7 +189,7 @@ class Access extends BaseCommand {
}

async edit () {
throw new Error('edit subcommand is not implemented yet')
throw new Error('edit subcommand is not implemented')
}

modifyPackage (pkg, opts, fn, requireScope = true) {