From 235ed1d2838ef302bb995e183980209d16c51b9b Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Sun, 25 Aug 2019 19:37:13 +1200 Subject: [PATCH 1/9] Don't override user specified depth in outdated Restores ability to update packages using `--depth` as suggested by `npm audit`. i.e `npm update eslint-utils --depth 2`. PR-URL: https://github.com/npm/cli/pull/239 Credit: @G-Rath Close: #239 Reviewed-by: @claudiahdz --- lib/outdated.js | 2 +- test/tap/outdated-depth.js | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/lib/outdated.js b/lib/outdated.js index 794197cfc6a69..5b84ae35587c8 100644 --- a/lib/outdated.js +++ b/lib/outdated.js @@ -91,7 +91,7 @@ function outdated (args, silent, cb) { var dir = path.resolve(npm.dir, '..') // default depth for `outdated` is 0 (cf. `ls`) - if (opts.depth) opts = opts.concat({depth: 0}) + if (opts.depth === Infinity) opts = opts.concat({depth: 0}) readPackageTree(dir, andComputeMetadata(function (er, tree) { if (!tree) return cb(er) diff --git a/test/tap/outdated-depth.js b/test/tap/outdated-depth.js index 5cf7c7edac9c4..c3d87c64ce0e4 100644 --- a/test/tap/outdated-depth.js +++ b/test/tap/outdated-depth.js @@ -47,6 +47,7 @@ test('outdated depth zero', function (t) { mr({ port: common.port }, function (er, s) { npm.load( { + depth: 0, loglevel: 'silent', registry: common.registry }, @@ -54,12 +55,22 @@ test('outdated depth zero', function (t) { npm.install('.', function (er) { if (er) throw new Error(er) npm.outdated(function (err, d) { - t.ifError(err, 'npm outdated ran without error') + if (err) { + throw err + } t.is(process.exitCode, 1, 'exit code set to 1') process.exitCode = 0 t.deepEqual(d[0], expected) - s.close() - t.end() + t.equal(d.length, 1) + npm.config.set('depth', 1) + npm.outdated(function (err, d) { + t.equal(d.length, 2) + if (err) { + throw err + } + s.close() + t.end() + }) }) }) } From 1fafb51513466cd793866b576dfea9a8963a3335 Mon Sep 17 00:00:00 2001 From: isaacs Date: Wed, 28 Aug 2019 16:07:30 -0700 Subject: [PATCH 2/9] Revert "install: do not descend into directory deps' child modules" This reverts commit 45772af0ddca54b658cb2ba2182eec26d0a4729d Fix: https://npm.community/t/6-11-1-some-dependencies-are-no-longer-being-installed/9586/4 Also adds 2 tests to verify regression behavior. PR-URL: https://github.com/npm/cli/pull/242 Credit: @isaacs Close: #242 Reviewed-by: @claudiahdz --- lib/install/inflate-shrinkwrap.js | 20 +-- test/tap/install-from-local-multipath.js | 6 +- test/tap/install-link-metadeps-locally.js | 52 +++++++ test/tap/install-link-metadeps-subfolders.js | 68 ++++++++++ .../install-symlink-leave-children-alone.js | 127 ------------------ 5 files changed, 127 insertions(+), 146 deletions(-) create mode 100644 test/tap/install-link-metadeps-locally.js create mode 100644 test/tap/install-link-metadeps-subfolders.js delete mode 100644 test/tap/install-symlink-leave-children-alone.js diff --git a/lib/install/inflate-shrinkwrap.js b/lib/install/inflate-shrinkwrap.js index 9fb38167b84aa..b0b71ef6b1323 100644 --- a/lib/install/inflate-shrinkwrap.js +++ b/lib/install/inflate-shrinkwrap.js @@ -50,12 +50,8 @@ function inflateShrinkwrap (topPath, tree, swdeps, opts) { return BB.each(Object.keys(swdeps), (name) => { const sw = swdeps[name] + const dependencies = sw.dependencies || {} const requested = realizeShrinkwrapSpecifier(name, sw, topPath) - // We should not muck about in the node_modules folder of - // symlinked packages. Treat its dependencies as if they - // were empty, since it's none of our business. - const dependencies = requested.type === 'directory' ? {} - : sw.dependencies || {} return inflatableChild( onDisk[name], name, topPath, tree, sw, requested, opts ).then((child) => { @@ -145,10 +141,6 @@ function isGit (sw) { } function makeFakeChild (name, topPath, tree, sw, requested) { - // We should not muck about in the node_modules folder of - // symlinked packages. Treat its dependencies as if they - // were empty, since it's none of our business. - const isDirectory = requested.type === 'directory' const from = sw.from || requested.raw const pkg = { name: name, @@ -164,7 +156,7 @@ function makeFakeChild (name, topPath, tree, sw, requested) { _spec: requested.rawSpec, _where: topPath, _args: [[requested.toString(), topPath]], - dependencies: isDirectory ? {} : sw.requires + dependencies: sw.requires } if (!sw.bundled) { @@ -175,16 +167,16 @@ function makeFakeChild (name, topPath, tree, sw, requested) { } const child = createChild({ package: pkg, - loaded: isDirectory, + loaded: true, parent: tree, children: [], fromShrinkwrap: requested, fakeChild: sw, fromBundle: sw.bundled ? tree.fromBundle || tree : null, path: childPath(tree.path, pkg), - realpath: isDirectory ? requested.fetchSpec : childPath(tree.realpath, pkg), + realpath: requested.type === 'directory' ? requested.fetchSpec : childPath(tree.realpath, pkg), location: (tree.location === '/' ? '' : tree.location + '/') + pkg.name, - isLink: isDirectory, + isLink: requested.type === 'directory', isInLink: tree.isLink || tree.isInLink, swRequires: sw.requires }) @@ -203,7 +195,7 @@ function fetchChild (topPath, tree, sw, requested) { var isLink = pkg._requested.type === 'directory' const child = createChild({ package: pkg, - loaded: isLink, + loaded: false, parent: tree, fromShrinkwrap: requested, path: childPath(tree.path, pkg), diff --git a/test/tap/install-from-local-multipath.js b/test/tap/install-from-local-multipath.js index d2b3df4415346..83dbdadde9e55 100644 --- a/test/tap/install-from-local-multipath.js +++ b/test/tap/install-from-local-multipath.js @@ -167,13 +167,9 @@ test('\'npm install\' should install local packages', function (t) { 'install', '.' ], EXEC_OPTS, - function (err, code, stdout, stderr) { + function (err, code) { t.ifError(err, 'error should not exist') t.notOk(code, 'npm install exited with code 0') - // if the test fails, let's see why - if (err || code) { - console.error({code, stdout, stderr}) - } t.end() } ) diff --git a/test/tap/install-link-metadeps-locally.js b/test/tap/install-link-metadeps-locally.js new file mode 100644 index 0000000000000..136fd46d10bbf --- /dev/null +++ b/test/tap/install-link-metadeps-locally.js @@ -0,0 +1,52 @@ +// XXX Remove in npm v7, when this is no longer how we do things +const t = require('tap') +const common = require('../common-tap.js') +const pkg = common.pkg +const mkdirp = require('mkdirp') +const { writeFileSync, statSync } = require('fs') +const { resolve } = require('path') +const mr = require('npm-registry-mock') +const rimraf = require('rimraf') + +t.test('setup', t => { + mkdirp.sync(resolve(pkg, 'node_modules')) + mkdirp.sync(resolve(pkg, 'foo')) + writeFileSync(resolve(pkg, 'foo', 'package.json'), JSON.stringify({ + name: 'foo', + version: '1.2.3', + dependencies: { + underscore: '*' + } + })) + + writeFileSync(resolve(pkg, 'package.json'), JSON.stringify({ + name: 'root', + version: '1.2.3', + dependencies: { + foo: 'file:foo' + } + })) + + mr({ port: common.port }, (er, s) => { + if (er) { + throw er + } + t.parent.teardown(() => s.close()) + t.end() + }) +}) + +t.test('initial install to create package-lock', + t => common.npm(['install', '--registry', common.registry], { cwd: pkg }) + .then(([code]) => t.equal(code, 0, 'command worked'))) + +t.test('remove node_modules', t => + rimraf(resolve(pkg, 'node_modules'), t.end)) + +t.test('install again from package-lock', t => + common.npm(['install', '--registry', common.registry], { cwd: pkg }) + .then(([code]) => { + t.equal(code, 0, 'command worked') + const underscore = resolve(pkg, 'node_modules', 'underscore') + t.equal(statSync(underscore).isDirectory(), true, 'underscore installed') + })) diff --git a/test/tap/install-link-metadeps-subfolders.js b/test/tap/install-link-metadeps-subfolders.js new file mode 100644 index 0000000000000..7544c8a4ebe84 --- /dev/null +++ b/test/tap/install-link-metadeps-subfolders.js @@ -0,0 +1,68 @@ +const t = require('tap') +const common = require('../common-tap.js') +const mkdirp = require('mkdirp') +const { writeFileSync, readFileSync } = require('fs') +const { resolve } = require('path') +const pkg = common.pkg +const app = resolve(pkg, 'app') +const lib = resolve(pkg, 'lib') +const moda = resolve(lib, 'module-a') +const modb = resolve(lib, 'module-b') + +const rimraf = require('rimraf') + +t.test('setup', t => { + mkdirp.sync(app) + mkdirp.sync(moda) + mkdirp.sync(modb) + + writeFileSync(resolve(app, 'package.json'), JSON.stringify({ + name: 'app', + version: '1.2.3', + dependencies: { + moda: 'file:../lib/module-a' + } + })) + + writeFileSync(resolve(moda, 'package.json'), JSON.stringify({ + name: 'moda', + version: '1.2.3', + dependencies: { + modb: 'file:../module-b' + } + })) + + writeFileSync(resolve(modb, 'package.json'), JSON.stringify({ + name: 'modb', + version: '1.2.3' + })) + + t.end() +}) + +t.test('initial install to create package-lock', + t => common.npm(['install'], { cwd: app }) + .then(([code]) => t.equal(code, 0, 'command worked'))) + +t.test('remove node_modules', t => + rimraf(resolve(pkg, 'node_modules'), t.end)) + +t.test('install again from package-lock', t => + common.npm(['install'], { cwd: app }) + .then(([code]) => { + t.equal(code, 0, 'command worked') + // verify that module-b is linked under module-a + const depPkg = resolve( + app, + 'node_modules', + 'moda', + 'node_modules', + 'modb', + 'package.json' + ) + const data = JSON.parse(readFileSync(depPkg, 'utf8')) + t.strictSame(data, { + name: 'modb', + version: '1.2.3' + }) + })) diff --git a/test/tap/install-symlink-leave-children-alone.js b/test/tap/install-symlink-leave-children-alone.js deleted file mode 100644 index cb7a4f3433775..0000000000000 --- a/test/tap/install-symlink-leave-children-alone.js +++ /dev/null @@ -1,127 +0,0 @@ -const common = require('../common-tap.js') -const Tacks = require('tacks') -const {File, Dir} = Tacks -const pkg = common.pkg -const t = require('tap') - -// via https://github.com/chhetrisushil/npm-update-test -const goodPackage2Entry = { - version: 'file:../package2', - dev: true -} - -const badPackage2Entry = { - version: 'file:../package2', - dev: true, - dependencies: { - '@test/package3': { - version: '1.0.0' - } - } -} - -const goodPackage1Deps = { - '@test/package2': goodPackage2Entry, - '@test/package3': { - version: 'file:../package3', - dev: true - } -} - -const badPackage1Deps = { - '@test/package2': badPackage2Entry, - '@test/package3': { - version: 'file:../package3', - dev: true - } -} - -const badPackage1Lock = { - name: 'package1', - version: '1.0.0', - lockfileVersion: 1, - requires: true, - dependencies: badPackage1Deps -} - -const goodPackage1Lock = { - name: 'package1', - version: '1.0.0', - lockfileVersion: 1, - requires: true, - dependencies: goodPackage1Deps -} - -const package2Lock = { - name: 'package2', - version: '1.0.0', - lockfileVersion: 1, - requires: true, - dependencies: { - '@test/package3': { - version: 'file:../package3', - dev: true - } - } -} - -const package3Lock = { - name: 'package3', - version: '1.0.0', - lockfileVersion: 1 -} - -t.test('setup fixture', t => { - const fixture = new Tacks(new Dir({ - package1: new Dir({ - 'package-lock.json': new File(badPackage1Lock), - 'package.json': new File({ - name: 'package1', - version: '1.0.0', - devDependencies: { - '@test/package2': 'file:../package2', - '@test/package3': 'file:../package3' - } - }) - }), - package2: new Dir({ - 'package-lock.json': new File(package2Lock), - 'package.json': new File({ - name: 'package2', - version: '1.0.0', - devDependencies: { - '@test/package3': 'file:../package3' - } - }) - }), - package3: new Dir({ - 'package-lock.json': new File(package3Lock), - 'package.json': new File({ - name: 'package3', - version: '1.0.0' - }) - }) - })) - fixture.create(pkg) - t.end() -}) - -t.test('install does not error', t => - common.npm(['install', '--no-registry'], { cwd: pkg + '/package1' }) - .then(([code, out, err]) => { - t.equal(code, 0) - console.error({out, err}) - })) - -t.test('updated package-lock.json to good state, left others alone', t => { - const fs = require('fs') - const getlock = n => { - const file = pkg + '/package' + n + '/package-lock.json' - const lockdata = fs.readFileSync(file, 'utf8') - return JSON.parse(lockdata) - } - t.strictSame(getlock(1), goodPackage1Lock) - t.strictSame(getlock(2), package2Lock) - t.strictSame(getlock(3), package3Lock) - t.end() -}) From e5fbb7ed1fc7ef5c6ca4790e2d0dc441e0ac1596 Mon Sep 17 00:00:00 2001 From: claudiahdz Date: Fri, 30 Aug 2019 17:28:17 -0500 Subject: [PATCH 3/9] read-cmd-shim@1.0.4 --- node_modules/read-cmd-shim/package.json | 25 ++-- .../read-cmd-shim/test/integration.js | 139 ------------------ package-lock.json | 6 +- package.json | 2 +- 4 files changed, 18 insertions(+), 154 deletions(-) delete mode 100644 node_modules/read-cmd-shim/test/integration.js diff --git a/node_modules/read-cmd-shim/package.json b/node_modules/read-cmd-shim/package.json index d706e652c1a16..df2fe27e7b170 100644 --- a/node_modules/read-cmd-shim/package.json +++ b/node_modules/read-cmd-shim/package.json @@ -1,29 +1,29 @@ { - "_from": "read-cmd-shim@1.0.3", - "_id": "read-cmd-shim@1.0.3", + "_from": "read-cmd-shim@1.0.4", + "_id": "read-cmd-shim@1.0.4", "_inBundle": false, - "_integrity": "sha512-HUHb2imlZ8xBJjiZZRx0Ag9JfZ3jxQRfORMQXWCDeHE6PCCnpQrMq6LhyNqEPnMXhMDDIyq/BK7pBbhNy9zDDA==", + "_integrity": "sha512-Pqpl3qJ/QdOIjRYA0q5DND/gLvGOfpIz/fYVDGYpOXfW/lFrIttmLsBnd6IkyK10+JHU9zhsaudfvrQTBB9YFQ==", "_location": "/read-cmd-shim", "_phantomChildren": {}, "_requested": { "type": "version", "registry": true, - "raw": "read-cmd-shim@1.0.3", + "raw": "read-cmd-shim@1.0.4", "name": "read-cmd-shim", "escapedName": "read-cmd-shim", - "rawSpec": "1.0.3", + "rawSpec": "1.0.4", "saveSpec": null, - "fetchSpec": "1.0.3" + "fetchSpec": "1.0.4" }, "_requiredBy": [ "#USER", "/", "/gentle-fs" ], - "_resolved": "https://registry.npmjs.org/read-cmd-shim/-/read-cmd-shim-1.0.3.tgz", - "_shasum": "b246608c8e76e332a99be7811c096a4baf60015a", - "_spec": "read-cmd-shim@1.0.3", - "_where": "/Users/isaacs/dev/npm/cli", + "_resolved": "https://registry.npmjs.org/read-cmd-shim/-/read-cmd-shim-1.0.4.tgz", + "_shasum": "b4a53d43376211b45243f0072b6e603a8e37640d", + "_spec": "read-cmd-shim@1.0.4", + "_where": "/Users/claudiahdz/npm/cli", "author": { "name": "Rebecca Turner", "email": "me@re-becca.org", @@ -44,6 +44,9 @@ "standard": "^5.2.2", "tap": "^12.7.0" }, + "files": [ + "index.js" + ], "homepage": "https://github.com/npm/read-cmd-shim#readme", "license": "ISC", "main": "index.js", @@ -56,5 +59,5 @@ "pretest": "standard", "test": "tap test/*.js --100" }, - "version": "1.0.3" + "version": "1.0.4" } diff --git a/node_modules/read-cmd-shim/test/integration.js b/node_modules/read-cmd-shim/test/integration.js deleted file mode 100644 index 0cfa84bf6b25e..0000000000000 --- a/node_modules/read-cmd-shim/test/integration.js +++ /dev/null @@ -1,139 +0,0 @@ -'use strict' -var path = require('path') -var fs = require('graceful-fs') -var test = require('tap').test -var rimraf = require('rimraf') -var cmdShim = require('cmd-shim') -var readCmdShim = require('../index.js') -var workDir = path.join(__dirname, path.basename(__filename, '.js')) -var testShbang = path.join(workDir, 'test-shbang') -var testShbangCmd = testShbang + '.cmd' -var testShim = path.join(workDir, 'test') -var testShimCmd = testShim + '.cmd' - -test('setup', function (t) { - rimraf.sync(workDir) - fs.mkdirSync(workDir) - fs.writeFileSync(testShbang + '.js', '#!/usr/bin/env node\ntrue') - cmdShim(__filename, testShim, function (er) { - t.error(er) - cmdShim(testShbang + '.js', testShbang, function (er) { - t.error(er) - t.done() - }) - }) -}) - -test('async-read-no-shbang', function (t) { - t.plan(2) - readCmdShim(testShimCmd, function (er, dest) { - t.error(er) - t.is(dest, '..\\integration.js') - t.done() - }) -}) - -test('sync-read-no-shbang', function (t) { - t.plan(1) - var dest = readCmdShim.sync(testShimCmd) - t.is(dest, '..\\integration.js') - t.done() -}) - -test('async-read-shbang', function (t) { - t.plan(2) - readCmdShim(testShbangCmd, function (er, dest) { - t.error(er) - t.is(dest, 'test-shbang.js') - t.done() - }) -}) - -test('sync-read-shbang', function (t) { - t.plan(1) - var dest = readCmdShim.sync(testShbangCmd) - t.is(dest, 'test-shbang.js') - t.done() -}) - -test('async-read-no-shbang-cygwin', function (t) { - t.plan(2) - readCmdShim(testShim, function (er, dest) { - t.error(er) - t.is(dest, '../integration.js') - t.done() - }) -}) - -test('sync-read-no-shbang-cygwin', function (t) { - t.plan(1) - var dest = readCmdShim.sync(testShim) - t.is(dest, '../integration.js') - t.done() -}) - -test('async-read-shbang-cygwin', function (t) { - t.plan(2) - readCmdShim(testShbang, function (er, dest) { - t.error(er) - t.is(dest, 'test-shbang.js') - t.done() - }) -}) - -test('sync-read-shbang-cygwin', function (t) { - t.plan(1) - var dest = readCmdShim.sync(testShbang) - t.is(dest, 'test-shbang.js') - t.done() -}) - -test('async-read-dir', function (t) { - t.plan(2) - readCmdShim(workDir, function (er) { - t.ok(er) - t.is(er.code, 'EISDIR', "cmd-shims can't be directories") - t.done() - }) -}) - -test('sync-read-dir', function (t) { - t.plan(1) - t.throws(function () { readCmdShim.sync(workDir) }, "cmd-shims can't be directories") - t.done() -}) - -test('async-read-not-there', function (t) { - t.plan(2) - readCmdShim('/path/to/nowhere', function (er, dest) { - t.ok(er, 'missing files throw errors') - t.is(er.code, 'ENOENT', "cmd-shim file doesn't exist") - t.done() - }) -}) - -test('sync-read-not-there', function (t) { - t.plan(1) - t.throws(function () { readCmdShim.sync('/path/to/nowhere') }, "cmd-shim file doesn't exist") - t.done() -}) - -test('async-read-not-shim', function (t) { - t.plan(2) - readCmdShim(__filename, function (er, dest) { - t.ok(er) - t.is(er.code, 'ENOTASHIM', 'shim file specified is not a shim') - t.done() - }) -}) - -test('sync-read-not-shim', function (t) { - t.plan(1) - t.throws(function () { readCmdShim.sync(__filename) }, 'shim file specified is not a shim') - t.done() -}) - -test('cleanup', function (t) { - rimraf.sync(workDir) - t.done() -}) diff --git a/package-lock.json b/package-lock.json index f370a80f8353c..c4c3b714d279e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4816,9 +4816,9 @@ } }, "read-cmd-shim": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/read-cmd-shim/-/read-cmd-shim-1.0.3.tgz", - "integrity": "sha512-HUHb2imlZ8xBJjiZZRx0Ag9JfZ3jxQRfORMQXWCDeHE6PCCnpQrMq6LhyNqEPnMXhMDDIyq/BK7pBbhNy9zDDA==", + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/read-cmd-shim/-/read-cmd-shim-1.0.4.tgz", + "integrity": "sha512-Pqpl3qJ/QdOIjRYA0q5DND/gLvGOfpIz/fYVDGYpOXfW/lFrIttmLsBnd6IkyK10+JHU9zhsaudfvrQTBB9YFQ==", "requires": { "graceful-fs": "^4.1.2" } diff --git a/package.json b/package.json index e60eafee37ab6..c48d987fe616c 100644 --- a/package.json +++ b/package.json @@ -117,7 +117,7 @@ "query-string": "^6.8.2", "qw": "~1.0.1", "read": "~1.0.7", - "read-cmd-shim": "^1.0.3", + "read-cmd-shim": "^1.0.4", "read-installed": "~4.0.3", "read-package-json": "^2.1.0", "read-package-tree": "^5.3.1", From 23ce65616c550647c586f7babc3c2f60115af2aa Mon Sep 17 00:00:00 2001 From: claudiahdz Date: Fri, 30 Aug 2019 17:29:03 -0500 Subject: [PATCH 4/9] npm-pick-manifest@3.0.2 --- node_modules/npm-pick-manifest/CHANGELOG.md | 67 +++++++++++++-------- node_modules/npm-pick-manifest/README.md | 4 +- node_modules/npm-pick-manifest/index.js | 4 ++ node_modules/npm-pick-manifest/package.json | 31 +++++----- package-lock.json | 6 +- package.json | 2 +- 6 files changed, 67 insertions(+), 47 deletions(-) diff --git a/node_modules/npm-pick-manifest/CHANGELOG.md b/node_modules/npm-pick-manifest/CHANGELOG.md index abea7dacbefb2..c594ba140f72b 100644 --- a/node_modules/npm-pick-manifest/CHANGELOG.md +++ b/node_modules/npm-pick-manifest/CHANGELOG.md @@ -2,13 +2,28 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## [3.0.2](https://github.com/npm/npm-pick-manifest/compare/v3.0.1...v3.0.2) (2019-08-30) + + + + +## [3.0.1](https://github.com/npm/npm-pick-manifest/compare/v3.0.0...v3.0.1) (2019-08-28) + + +### Bug Fixes + +* throw 403 for forbidden major/minor versions ([003286e](https://github.com/npm/npm-pick-manifest/commit/003286e)), closes [#2](https://github.com/npm/npm-pick-manifest/issues/2) + + + -# [3.0.0](https://github.com/zkat/npm-pick-manifest/compare/v2.2.3...v3.0.0) (2019-08-20) +# [3.0.0](https://github.com/npm/npm-pick-manifest/compare/v2.2.3...v3.0.0) (2019-08-20) ### Features -* throw forbidden error when package is blocked by policy ([ad2a962](https://github.com/zkat/npm-pick-manifest/commit/ad2a962)), closes [#1](https://github.com/zkat/npm-pick-manifest/issues/1) +* throw forbidden error when package is blocked by policy ([ad2a962](https://github.com/npm/npm-pick-manifest/commit/ad2a962)), closes [#1](https://github.com/npm/npm-pick-manifest/issues/1) ### BREAKING CHANGES @@ -22,72 +37,72 @@ Credit: @claudiahdz -## [2.2.3](https://github.com/zkat/npm-pick-manifest/compare/v2.2.2...v2.2.3) (2018-10-31) +## [2.2.3](https://github.com/npm/npm-pick-manifest/compare/v2.2.2...v2.2.3) (2018-10-31) ### Bug Fixes -* **enjoyBy:** rework semantics for enjoyBy again ([5e89b62](https://github.com/zkat/npm-pick-manifest/commit/5e89b62)) +* **enjoyBy:** rework semantics for enjoyBy again ([5e89b62](https://github.com/npm/npm-pick-manifest/commit/5e89b62)) -## [2.2.2](https://github.com/zkat/npm-pick-manifest/compare/v2.2.1...v2.2.2) (2018-10-31) +## [2.2.2](https://github.com/npm/npm-pick-manifest/compare/v2.2.1...v2.2.2) (2018-10-31) ### Bug Fixes -* **enjoyBy:** rework semantics for enjoyBy ([5684f45](https://github.com/zkat/npm-pick-manifest/commit/5684f45)) +* **enjoyBy:** rework semantics for enjoyBy ([5684f45](https://github.com/npm/npm-pick-manifest/commit/5684f45)) -## [2.2.1](https://github.com/zkat/npm-pick-manifest/compare/v2.2.0...v2.2.1) (2018-10-30) +## [2.2.1](https://github.com/npm/npm-pick-manifest/compare/v2.2.0...v2.2.1) (2018-10-30) -# [2.2.0](https://github.com/zkat/npm-pick-manifest/compare/v2.1.0...v2.2.0) (2018-10-30) +# [2.2.0](https://github.com/npm/npm-pick-manifest/compare/v2.1.0...v2.2.0) (2018-10-30) ### Bug Fixes -* **audit:** npm audit fix --force ([d5ae6c4](https://github.com/zkat/npm-pick-manifest/commit/d5ae6c4)) +* **audit:** npm audit fix --force ([d5ae6c4](https://github.com/npm/npm-pick-manifest/commit/d5ae6c4)) ### Features -* **enjoyBy:** add opts.enjoyBy option to filter versions by date ([0b8a790](https://github.com/zkat/npm-pick-manifest/commit/0b8a790)) +* **enjoyBy:** add opts.enjoyBy option to filter versions by date ([0b8a790](https://github.com/npm/npm-pick-manifest/commit/0b8a790)) -# [2.1.0](https://github.com/zkat/npm-pick-manifest/compare/v2.0.1...v2.1.0) (2017-10-18) +# [2.1.0](https://github.com/npm/npm-pick-manifest/compare/v2.0.1...v2.1.0) (2017-10-18) ### Features -* **selection:** allow manually disabling deprecation skipping ([0d239d3](https://github.com/zkat/npm-pick-manifest/commit/0d239d3)) +* **selection:** allow manually disabling deprecation skipping ([0d239d3](https://github.com/npm/npm-pick-manifest/commit/0d239d3)) -## [2.0.1](https://github.com/zkat/npm-pick-manifest/compare/v2.0.0...v2.0.1) (2017-10-18) +## [2.0.1](https://github.com/npm/npm-pick-manifest/compare/v2.0.0...v2.0.1) (2017-10-18) -# [2.0.0](https://github.com/zkat/npm-pick-manifest/compare/v1.0.4...v2.0.0) (2017-10-03) +# [2.0.0](https://github.com/npm/npm-pick-manifest/compare/v1.0.4...v2.0.0) (2017-10-03) ### Bug Fixes -* **license:** relicense project according to npm policy (#3) ([ed743a0](https://github.com/zkat/npm-pick-manifest/commit/ed743a0)) +* **license:** relicense project according to npm policy (#3) ([ed743a0](https://github.com/npm/npm-pick-manifest/commit/ed743a0)) ### Features -* **selection:** Avoid matching deprecated packages if possible ([3fc6c3a](https://github.com/zkat/npm-pick-manifest/commit/3fc6c3a)) +* **selection:** Avoid matching deprecated packages if possible ([3fc6c3a](https://github.com/npm/npm-pick-manifest/commit/3fc6c3a)) ### BREAKING CHANGES @@ -98,43 +113,43 @@ Credit: @claudiahdz -## [1.0.4](https://github.com/zkat/npm-pick-manifest/compare/v1.0.3...v1.0.4) (2017-06-29) +## [1.0.4](https://github.com/npm/npm-pick-manifest/compare/v1.0.3...v1.0.4) (2017-06-29) ### Bug Fixes -* **npa:** bump npa version for bugfixes ([7cdaca7](https://github.com/zkat/npm-pick-manifest/commit/7cdaca7)) -* **semver:** use loose semver parsing for *all* ops ([bbc0daa](https://github.com/zkat/npm-pick-manifest/commit/bbc0daa)) +* **npa:** bump npa version for bugfixes ([7cdaca7](https://github.com/npm/npm-pick-manifest/commit/7cdaca7)) +* **semver:** use loose semver parsing for *all* ops ([bbc0daa](https://github.com/npm/npm-pick-manifest/commit/bbc0daa)) -## [1.0.3](https://github.com/zkat/npm-pick-manifest/compare/v1.0.2...v1.0.3) (2017-05-04) +## [1.0.3](https://github.com/npm/npm-pick-manifest/compare/v1.0.2...v1.0.3) (2017-05-04) ### Bug Fixes -* **semver:** use semver.clean() instead ([f4133b5](https://github.com/zkat/npm-pick-manifest/commit/f4133b5)) +* **semver:** use semver.clean() instead ([f4133b5](https://github.com/npm/npm-pick-manifest/commit/f4133b5)) -## [1.0.2](https://github.com/zkat/npm-pick-manifest/compare/v1.0.1...v1.0.2) (2017-05-04) +## [1.0.2](https://github.com/npm/npm-pick-manifest/compare/v1.0.1...v1.0.2) (2017-05-04) ### Bug Fixes -* **picker:** spaces in `wanted` prevented match ([97a7d0a](https://github.com/zkat/npm-pick-manifest/commit/97a7d0a)) +* **picker:** spaces in `wanted` prevented match ([97a7d0a](https://github.com/npm/npm-pick-manifest/commit/97a7d0a)) -## [1.0.1](https://github.com/zkat/npm-pick-manifest/compare/v1.0.0...v1.0.1) (2017-04-24) +## [1.0.1](https://github.com/npm/npm-pick-manifest/compare/v1.0.0...v1.0.1) (2017-04-24) ### Bug Fixes -* **deps:** forgot to add semver ([1876f4f](https://github.com/zkat/npm-pick-manifest/commit/1876f4f)) +* **deps:** forgot to add semver ([1876f4f](https://github.com/npm/npm-pick-manifest/commit/1876f4f)) @@ -144,7 +159,7 @@ Credit: @claudiahdz ### Features -* **api:** initial implementation. ([b086912](https://github.com/zkat/npm-pick-manifest/commit/b086912)) +* **api:** initial implementation. ([b086912](https://github.com/npm/npm-pick-manifest/commit/b086912)) ### BREAKING CHANGES diff --git a/node_modules/npm-pick-manifest/README.md b/node_modules/npm-pick-manifest/README.md index a9a027bfcb460..d32d47af1997b 100644 --- a/node_modules/npm-pick-manifest/README.md +++ b/node_modules/npm-pick-manifest/README.md @@ -1,6 +1,6 @@ -# npm-pick-manifest [![npm version](https://img.shields.io/npm/v/npm-pick-manifest.svg)](https://npm.im/npm-pick-manifest) [![license](https://img.shields.io/npm/l/npm-pick-manifest.svg)](https://npm.im/npm-pick-manifest) [![Travis](https://img.shields.io/travis/zkat/npm-pick-manifest.svg)](https://travis-ci.org/zkat/npm-pick-manifest) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/zkat/npm-pick-manifest?svg=true)](https://ci.appveyor.com/project/zkat/npm-pick-manifest) [![Coverage Status](https://coveralls.io/repos/github/zkat/npm-pick-manifest/badge.svg?branch=latest)](https://coveralls.io/github/zkat/npm-pick-manifest?branch=latest) +# npm-pick-manifest [![npm version](https://img.shields.io/npm/v/npm-pick-manifest.svg)](https://npm.im/npm-pick-manifest) [![license](https://img.shields.io/npm/l/npm-pick-manifest.svg)](https://npm.im/npm-pick-manifest) [![Travis](https://img.shields.io/travis/npm/npm-pick-manifest.svg)](https://travis-ci.org/npm/npm-pick-manifest) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/npm/npm-pick-manifest?svg=true)](https://ci.appveyor.com/project/npm/npm-pick-manifest) [![Coverage Status](https://coveralls.io/repos/github/npm/npm-pick-manifest/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-pick-manifest?branch=latest) -[`npm-pick-manifest`](https://github.com/zkat/npm-pick-manifest) is a standalone +[`npm-pick-manifest`](https://github.com/npm/npm-pick-manifest) is a standalone implementation of [npm](https://npmjs.com)'s semver range resolution algorithm. ## Install diff --git a/node_modules/npm-pick-manifest/index.js b/node_modules/npm-pick-manifest/index.js index cf37696e82c21..9eb2d82d10024 100644 --- a/node_modules/npm-pick-manifest/index.js +++ b/node_modules/npm-pick-manifest/index.js @@ -96,6 +96,10 @@ function pickManifest (packument, wanted, opts) { target = stillFresh[0] } + if (!target && restrictedVersions) { + target = semver.maxSatisfying(restrictedVersions, wanted, true) + } + const manifest = ( target && packument.versions[target] diff --git a/node_modules/npm-pick-manifest/package.json b/node_modules/npm-pick-manifest/package.json index c3ec09488a393..5adbc26957485 100644 --- a/node_modules/npm-pick-manifest/package.json +++ b/node_modules/npm-pick-manifest/package.json @@ -1,34 +1,35 @@ { - "_from": "npm-pick-manifest@3.0.0", - "_id": "npm-pick-manifest@3.0.0", + "_from": "npm-pick-manifest@3.0.2", + "_id": "npm-pick-manifest@3.0.2", "_inBundle": false, - "_integrity": "sha512-H+OnFudiq38Qj8P8xcesD/1Xa0Kvr2QRn1DTlephIwNfJg3P30Szc1wtpGEgdPXfAyKZKT2ajIM2X8YtCrbXrA==", + "_integrity": "sha512-wNprTNg+X5nf+tDi+hbjdHhM4bX+mKqv6XmPh7B5eG+QY9VARfQPfCEH013H5GqfNj6ee8Ij2fg8yk0mzps1Vw==", "_location": "/npm-pick-manifest", "_phantomChildren": {}, "_requested": { "type": "version", "registry": true, - "raw": "npm-pick-manifest@3.0.0", + "raw": "npm-pick-manifest@3.0.2", "name": "npm-pick-manifest", "escapedName": "npm-pick-manifest", - "rawSpec": "3.0.0", + "rawSpec": "3.0.2", "saveSpec": null, - "fetchSpec": "3.0.0" + "fetchSpec": "3.0.2" }, "_requiredBy": [ "#USER", - "/" + "/", + "/pacote" ], - "_resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-3.0.0.tgz", - "_shasum": "c94cab52d201a85875e45198fffe1a8a348e7af7", - "_spec": "npm-pick-manifest@3.0.0", - "_where": "/Users/isaacs/dev/npm/cli", + "_resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-3.0.2.tgz", + "_shasum": "f4d9e5fd4be2153e5f4e5f9b7be8dc419a99abb7", + "_spec": "npm-pick-manifest@3.0.2", + "_where": "/Users/claudiahdz/npm/cli", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" }, "bugs": { - "url": "https://github.com/zkat/npm-pick-manifest/issues" + "url": "https://github.com/npm/npm-pick-manifest/issues" }, "bundleDependencies": false, "config": { @@ -57,7 +58,7 @@ "files": [ "*.js" ], - "homepage": "https://github.com/zkat/npm-pick-manifest#readme", + "homepage": "https://github.com/npm/npm-pick-manifest#readme", "keywords": [ "npm", "semver", @@ -68,7 +69,7 @@ "name": "npm-pick-manifest", "repository": { "type": "git", - "url": "git+https://github.com/zkat/npm-pick-manifest.git" + "url": "git+https://github.com/npm/npm-pick-manifest.git" }, "scripts": { "postrelease": "npm publish && git push --follow-tags", @@ -79,5 +80,5 @@ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, - "version": "3.0.0" + "version": "3.0.2" } diff --git a/package-lock.json b/package-lock.json index c4c3b714d279e..e42455f99d98f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3820,9 +3820,9 @@ } }, "npm-pick-manifest": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-3.0.0.tgz", - "integrity": "sha512-H+OnFudiq38Qj8P8xcesD/1Xa0Kvr2QRn1DTlephIwNfJg3P30Szc1wtpGEgdPXfAyKZKT2ajIM2X8YtCrbXrA==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-3.0.2.tgz", + "integrity": "sha512-wNprTNg+X5nf+tDi+hbjdHhM4bX+mKqv6XmPh7B5eG+QY9VARfQPfCEH013H5GqfNj6ee8Ij2fg8yk0mzps1Vw==", "requires": { "figgy-pudding": "^3.5.1", "npm-package-arg": "^6.0.0", diff --git a/package.json b/package.json index c48d987fe616c..d76d5218782f4 100644 --- a/package.json +++ b/package.json @@ -102,7 +102,7 @@ "npm-lifecycle": "^3.1.3", "npm-package-arg": "^6.1.1", "npm-packlist": "^1.4.4", - "npm-pick-manifest": "^3.0.0", + "npm-pick-manifest": "^3.0.2", "npm-profile": "^4.0.2", "npm-registry-fetch": "^4.0.0", "npm-user-validate": "~1.0.0", From cebf542e61dcabdd2bd3b876272bf8eebf7d01cc Mon Sep 17 00:00:00 2001 From: isaacs Date: Fri, 30 Aug 2019 13:55:17 -0700 Subject: [PATCH 5/9] ci: pass appropriate configs for file/dir modes Re: https://npm.community/t/6-11-2-npm-ci-installs-package-with-wrong-permissions/9720 Still passing a plain old (non-Figgy Pudding) object into libcipm, duplicating the extra keys added in figgy-config.js. This is not a clean or nice or elegant solution, but it works, without regressing the config env var issue. Pairing with @claudiahdz PR-URL: https://github.com/npm/cli/pull/243 Credit: @isaacs Close: #243 Reviewed-by: @claudiahdz --- lib/ci.js | 26 ++++++++++++++++--- lib/config/figgy-config.js | 2 +- test/tap/ci-permissions.js | 53 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+), 4 deletions(-) create mode 100644 test/tap/ci-permissions.js diff --git a/lib/ci.js b/lib/ci.js index 375c1448a1ea1..309ad2f784ec0 100644 --- a/lib/ci.js +++ b/lib/ci.js @@ -2,7 +2,8 @@ const npm = require('./npm.js') const Installer = require('libcipm') -const npmlog = require('npmlog') +const log = require('npmlog') +const path = require('path') ci.usage = 'npm ci' @@ -10,14 +11,33 @@ ci.completion = (cb) => cb(null, []) module.exports = ci function ci (args, cb) { - const opts = Object.create({ log: npmlog }) + const opts = { + // Add some non-npm-config opts by hand. + cache: path.join(npm.config.get('cache'), '_cacache'), + // NOTE: npm has some magic logic around color distinct from the config + // value, so we have to override it here + color: !!npm.color, + hashAlgorithm: 'sha1', + includeDeprecated: false, + log, + 'npm-session': npm.session, + 'project-scope': npm.projectScope, + refer: npm.referer, + dmode: npm.modes.exec, + fmode: npm.modes.file, + umask: npm.modes.umask, + npmVersion: npm.version, + tmp: npm.tmp + } + for (const key in npm.config.list[0]) { if (key !== 'log') { opts[key] = npm.config.list[0][key] } } + return new Installer(opts).run().then(details => { - npmlog.disableProgress() + log.disableProgress() console.log(`added ${details.pkgCount} packages in ${ details.runTime / 1000 }s`) diff --git a/lib/config/figgy-config.js b/lib/config/figgy-config.js index 9e9ca0ba561ef..d704d1502cb44 100644 --- a/lib/config/figgy-config.js +++ b/lib/config/figgy-config.js @@ -9,7 +9,7 @@ const npm = require('../npm.js') const pack = require('../pack.js') const path = require('path') -const npmSession = crypto.randomBytes(8).toString('hex') +const npmSession = npm.session = crypto.randomBytes(8).toString('hex') log.verbose('npm-session', npmSession) const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi diff --git a/test/tap/ci-permissions.js b/test/tap/ci-permissions.js new file mode 100644 index 0000000000000..c73d464236540 --- /dev/null +++ b/test/tap/ci-permissions.js @@ -0,0 +1,53 @@ +const t = require('tap') +const tar = require('tar') +const common = require('../common-tap.js') +const pkg = common.pkg +const rimraf = require('rimraf') +const { writeFileSync, statSync, chmodSync } = require('fs') +const { resolve } = require('path') +const mkdirp = require('mkdirp') + +t.test('setup', t => { + mkdirp.sync(resolve(pkg, 'package')) + const pj = resolve(pkg, 'package', 'package.json') + writeFileSync(pj, JSON.stringify({ + name: 'foo', + version: '1.2.3' + })) + chmodSync(pj, 0o640) + tar.c({ + sync: true, + file: resolve(pkg, 'foo.tgz'), + gzip: true, + cwd: pkg + }, ['package']) + writeFileSync(resolve(pkg, 'package.json'), JSON.stringify({ + name: 'root', + version: '1.2.3', + dependencies: { + foo: 'file:foo.tgz' + } + })) + t.end() +}) + +t.test('run install to generate package-lock', t => + common.npm(['install'], { cwd: pkg }).then(([code]) => t.equal(code, 0))) + +t.test('remove node_modules', t => rimraf(resolve(pkg, 'node_modules'), t.end)) + +t.test('run ci and check modes', t => + common.npm(['ci'], { cwd: pkg, stdio: 'inherit' }).then(([code]) => { + t.equal(code, 0) + const file = resolve(pkg, 'node_modules', 'foo', 'package.json') + // bitwise AND against 0o705 so that we can detect whether + // the file is world-readable. + // Typical unix systems would leave the file 0o644 + // Travis-ci and some other Linux systems will be 0o664 + // Windows is 0o666 + // The regression this is detecting (ie, the default in the tarball) + // leaves the file as 0o640. + // Bitwise-AND 0o705 should always result in 0o604, and never 0o600 + const mode = statSync(file).mode & 0o705 + t.equal(mode, 0o604) + })) From fc5fc76182c0746433c84a7208877fb70ef62352 Mon Sep 17 00:00:00 2001 From: claudiahdz Date: Fri, 30 Aug 2019 17:45:46 -0500 Subject: [PATCH 6/9] docs: change log for 6.11.3 --- CHANGELOG.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ba141546d7ad4..a9b73d7a230d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,34 @@ +## 6.11.3 (2019-09-03): + +Fix npm ci regressions and npm outdated depth. + +### BUG FIXES + +* [`235ed1d28`](https://github.com/npm/cli/commit/235ed1d2838ef302bb995e183980209d16c51b9b) + [#239](https://github.com/npm/cli/pull/239) + Don't override user specified depth in outdated + Restores ability to update packages using `--depth` as suggested by `npm audit`. + ([@G-Rath](https://github.com/G-Rath)) +* [`1fafb5151`](https://github.com/npm/cli/commit/1fafb51513466cd793866b576dfea9a8963a3335) + [#242](https://github.com/npm/cli/pull/242) + [npm.community#9586](https://npm.community/t/6-11-1-some-dependencies-are-no-longer-being-installed/9586/4) + Revert "install: do not descend into directory deps' child modules" + ([@isaacs](https://github.com/isaacs)) +* [`cebf542e6`](https://github.com/npm/cli/commit/cebf542e61dcabdd2bd3b876272bf8eebf7d01cc) + [#243](https://github.com/npm/cli/pull/243) + [npm.community#9720](https://npm.community/t/6-11-2-npm-ci-installs-package-with-wrong-permissions/9720) + ci: pass appropriate configs for file/dir modes + ([@isaacs](https://github.com/isaacs)) + +### DEPENDENCIES + +* [`e5fbb7ed1`](https://github.com/npm/cli/commit/e5fbb7ed1fc7ef5c6ca4790e2d0dc441e0ac1596) + `read-cmd-shim@1.0.4` + ([@claudiahdz](https://github.com/claudiahdz)) +* [`23ce65616`](https://github.com/npm/cli/commit/23ce65616c550647c586f7babc3c2f60115af2aa) + `npm-pick-manifest@3.0.2` + ([@claudiahdz](https://github.com/claudiahdz)) + ## 6.11.2 (2019-08-22): Fix a recent Windows regression, and two long-standing Windows bugs. Also, From 5d3aaf093bc9af344bc558e0028d132cd7fd45cd Mon Sep 17 00:00:00 2001 From: isaacs Date: Fri, 30 Aug 2019 23:18:33 -0700 Subject: [PATCH 7/9] test: fix outdated-depth test --- test/tap/outdated-depth.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/tap/outdated-depth.js b/test/tap/outdated-depth.js index c3d87c64ce0e4..8e272e60027b1 100644 --- a/test/tap/outdated-depth.js +++ b/test/tap/outdated-depth.js @@ -68,6 +68,8 @@ test('outdated depth zero', function (t) { if (err) { throw err } + t.is(process.exitCode, 1, 'exit code set to 1') + process.exitCode = 0 s.close() t.end() }) From 8d738b4cc10fa63be5e87b5d87386a08ab537792 Mon Sep 17 00:00:00 2001 From: claudiahdz Date: Tue, 3 Sep 2019 17:09:41 -0500 Subject: [PATCH 8/9] update AUTHORS --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index 95f7e9e7e7122..bed059c08e193 100644 --- a/AUTHORS +++ b/AUTHORS @@ -655,3 +655,4 @@ gall0ws Olivier Chevet Maël Nison Sara Ahbabou +Gareth Jones From b4ff454dd590d9ea0879a30c0816ec3fea31db5b Mon Sep 17 00:00:00 2001 From: claudiahdz Date: Tue, 3 Sep 2019 17:10:16 -0500 Subject: [PATCH 9/9] 6.11.3 --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index e42455f99d98f..37297b2f6bad4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "npm", - "version": "6.11.2", + "version": "6.11.3", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index d76d5218782f4..9b64923c418bd 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "version": "6.11.2", + "version": "6.11.3", "name": "npm", "description": "a package manager for JavaScript", "keywords": [