profile
viewpoint
isaacs isaacs GitHub Oakland CA http://blog.izs.me Principal Engineer at GitHub npm inventor, founder npm, Inc. Former Node BDFL. All opinions are my own. Literally all of them. I own them all. He/him

indutny/caine 141

Friendly butler

isaacs/abbrev-js 141

Like ruby's Abbrev module

isaacs/async-cache 117

Cache your async lookups and don't fetch the same thing more than necessary.

dawsbot/config-chain 96

Handle configuration once and for all

isaacs/block-stream 48

A stream of fixed-size blocks

isaacs/.vim 44

My vim settings

dominictarr/stream-punks 40

discussion repo for streams

isaacs/back-to-markdown.css 21

Turns any markdown editor into a WYSIWYG editor

isaacs/ahyane 11

A blog engine that builds html from text files.

isaacs/blog.izs.me 9

Gatsby app that powers my blog

issue commentnpm/cli

[BUG] npm install can potentially delete .git directory

Ooh, this is a fun one. Note that it only happens if the folder is named resolve.

For some reason, it's trying to reify the published resolve version over the root node of the project. That's not supposed to happen :)

MylesBorins

comment created time in an hour

created tagnpm/cli

tagv7.0.0-beta.2

the package manager for JavaScript

created time in 2 days

delete tag npm/cli

delete tag : v7.0.0-beta.2

delete time in 2 days

created tagnpm/cli

tagv7.0.0-beta.2

the package manager for JavaScript

created time in 2 days

push eventnpm/cli

isaacs

commit sha 9caa8a2ebf0f26e8ff2aa30818839037cf9970d1

add make-fetch-happen direct dependency

view details

isaacs

commit sha 748fd915a208e73a86cce8cac55628c108ed7242

changelog for 7.0.0-beta.2

view details

isaacs

commit sha 9e8144f13ff46a50a3170dfba96a57d810bafd7f

7.0.0-beta.2

view details

push time in 2 days

push eventnpm/cli

isaacs

commit sha 53e71025695ded3fc367203b24f9238e20dccc84

remove update-notifier module PR-URL: https://github.com/npm/cli/pull/1632 Credit: @isaacs Close: #1632 Reviewed-by: @ruyadorno

view details

isaacs

commit sha eaf9ba659a2a5ec3b03d36689aea0747efef0e3c

refactor and test for installed-shallow completion

view details

isaacs

commit sha f6d468a3b4bef0b3cc134065d776969869fca51e

update doctor command Pending unit tests still, but at least it works to a rough approximation now, instead of not working at all.

view details

isaacs

commit sha 6acdf2b6f6ad7cb2ea035756fb70f71faf0ceb38

Direct users to our GitHub issues instead of npm.community

view details

push time in 2 days

push eventnpm/cli

isaacs

commit sha 302721184f15ce046bbf313f75cda50e04a3f2fd

update doctor command Pending unit tests still, but at least it works to a rough approximation now, instead of not working at all.

view details

isaacs

commit sha e31752df446c334d779a193e4e4c1d6d0d0f471c

Direct users to our GitHub issues instead of npm.community

view details

push time in 2 days

Pull request review commentnpm/cli

Isaacs/doctor

-'use strict'--const ansiTrim = require('./utils/ansi-trim')-const chain = require('slide').chain-const color = require('ansicolors')-const defaultRegistry = require('./config/defaults').defaults.registry-const log = require('npmlog')-const npm = require('./npm')-const output = require('./utils/output')-const path = require('path')-const semver = require('semver')-const styles = require('ansistyles')+const npm = require('./npm.js')++const chalk = require('chalk')+const ansiTrim = require('./utils/ansi-trim.js') const table = require('text-table')+const output = require('./utils/output.js')+const completion = require('./utils/completion/none.js')+const usageUtil = require('./utils/usage.js')+const usage = usageUtil('doctor', 'npm doctor')+const { resolve } = require('path') -// steps-const checkFilesPermission = require('./doctor/check-files-permission')-const checkPing = require('./doctor/check-ping')-const getGitPath = require('./doctor/get-git-path')-const getLatestNodejsVersion = require('./doctor/get-latest-nodejs-version')-const getLatestNpmVersion = require('./doctor/get-latest-npm-version')-const verifyCachedFiles = require('./doctor/verify-cached-files')+const ping = require('./utils/ping.js')+const checkPing = async () => {+  const tracker = npm.log.newItem('checkPing', 1)+  tracker.info('checkPing', 'Pinging registry')+  try {+    await ping(npm.flatOptions)+    return ''+  } catch (er) {+    if (/^E\d{3}$/.test(er.code || '')) {+      throw er.code.substr(1) + ' ' + er.message+    } else {+      throw er+    }+  } finally {+    tracker.finish()+  }+} -const globalNodeModules = path.join(npm.config.globalPrefix, 'lib', 'node_modules')-const localNodeModules = path.join(npm.config.localPrefix, 'node_modules')+const pacote = require('pacote')+const getLatestNpmVersion = async () => {+  const tracker = npm.log.newItem('getLatestNpmVersion', 1)+  tracker.info('getLatestNpmVersion', 'Getting npm package information')+  try {+    const latest = (await pacote.manifest('npm@latest', npm.flatOptions)).version+    if (semver.gte(npm.version, latest)) {+      return `current: v${npm.version}, latest: v${latest}`+    } else {+      throw `Use npm v${latest}`+    }+  } finally {+    tracker.finish()+  }+} -const usageUtil = require('./utils/usage.js')-const usage = usageUtil('doctor', 'npm doctor')-const completion = require('./utils/completion/none.js')+const semver = require('semver')+const fetch = require('make-fetch-happen')+const getLatestNodejsVersion = async () => {+  // XXX get the latest in the current major as well+  const current = process.version+  const currentRange = `^${current}`+  const url = 'https://nodejs.org/dist/index.json'+  const tracker = npm.log.newItem('getLatestNodejsVersion', 1)+  tracker.info('getLatestNodejsVersion', 'Getting Node.js release information')+  try {+    const res = await fetch(url, { method: 'GET', ...npm.flatOptions })+    const data = await res.json()+    let maxCurrent = '0.0.0'+    let maxLTS = '0.0.0'+    for (const { lts, version } of data) {+      if (lts && semver.gt(version, maxLTS)) {+        maxLTS = version+      }+      if (semver.satisfies(version, currentRange) && semver.gt(version, maxCurrent)) {+        maxCurrent = version+      }+    }+    const recommended = semver.gt(maxCurrent, maxLTS) ? maxCurrent : maxLTS+    if (semver.gte(process.version, recommended)) {+      return `current: ${current}, recommended: ${recommended}`+    } else {+      throw `Use node ${recommended} (current: ${current})`+    }+  } finally {+    tracker.finish()+  }+} -function doctor (args, silent, cb) {-  args = args || {}-  if (typeof cb !== 'function') {-    cb = silent-    silent = false+const { promisify } = require('util')+const fs = require('fs')+const { R_OK, W_OK, X_OK } = fs.constants+const maskLabel = mask => {+  const label = []+  if (mask & R_OK) {+    label.push('readable')+  }+  if (mask & W_OK) {+    label.push('writable')+  }+  if (mask & X_OK) {+    label.push('executable')+  }+  return label.join(', ')+}+const lstat = promisify(fs.lstat)+const readdir = promisify(fs.readdir)+const access = promisify(fs.access)+const isWindows = require('./utils/is-windows.js')+const checkFilesPermission = async (root, shouldOwn = true, mask = null) => {+  if (mask === null) {+    mask = shouldOwn ? R_OK | W_OK : R_OK   } -  const actionsToRun = [-    [checkPing],-    [getLatestNpmVersion],-    [getLatestNodejsVersion, args['node-url']],-    [getGitPath],-    [checkFilesPermission, npm.cache, 4, 6],-    [checkFilesPermission, globalNodeModules, 4, 4],-    [checkFilesPermission, localNodeModules, 6, 6],-    [verifyCachedFiles, path.join(npm.cache, '_cacache')]-  ]+  let ok = true++  const tracker = npm.log.newItem(root, 1)++  try {+    const uid = process.getuid()+    const gid = process.getgid()+    const files = new Set([root])+    for (const f of files) {+      tracker.silly('checkFilesPermission', f.substr(root.length + 1))+      const st = await lstat(f)+        .catch(er => {+          ok = false+          tracker.warn('checkFilesPermission', 'error getting info for ' + f)+        })++      tracker.completeWork(1) -  log.info('doctor', 'Running checkup')-  chain(actionsToRun, function (stderr, stdout) {-    if (stderr && stderr.message !== 'not found: git') return cb(stderr)-    const list = makePretty(stdout)-    let outHead = ['Check', 'Value', 'Recommendation']-    let outBody = list--    if (npm.color) {-      outHead = outHead.map(function (item) {-        return styles.underline(item)-      })-      outBody = outBody.map(function (item) {-        if (item[2]) {-          item[0] = color.red(item[0])-          item[2] = color.magenta(item[2])+      if (!st) {+        continue+      }++      if (shouldOwn && (uid !== st.uid || gid !== st.gid)) {+        tracker.warn('checkFilesPermission', 'should be owner of ' + f)+        ok = false+      }++      if (!st.isDirectory() && !st.isFile()) {+        continue+      }++      try {+        await access(f, mask)+      } catch (er) {+        ok = false+        const msg = `Missing permissions on ${f} (expect: ${maskLabel(mask)})`+        tracker.error('checkFilesPermission', msg)+        continue+      }++      if (st.isDirectory()) {+        const entries = await readdir(f)+          .catch(er => {+            ok = false+            tracker.warn('checkFilesPermission', 'error reading directory ' + f)+            return []+          })+        for (const entry of entries) {+          files.add(resolve(f, entry))         }-        return item-      })+      }     }--    const outTable = [outHead].concat(outBody)-    const tableOpts = {-      stringLength: function (s) { return ansiTrim(s).length }+  } finally {+    tracker.finish()+    if (!ok) {+      throw `Check the permissions of files in ${root}` ++        (shouldOwn ? ' (should be owned by current user)' : '')+    } else {+      return ''     }+  }+} -    if (!silent) output(table(outTable, tableOpts))+const which = promisify(require('which'))

Oh! So it is. It still accepts a cb, which is what threw me. I'll update and push.

isaacs

comment created time in 2 days

push eventnpm/cli

isaacs

commit sha 559faf164e37e0339f794cbaae696252767e1c28

update doctor command Pending unit tests still, but at least it works to a rough approximation now, instead of not working at all.

view details

isaacs

commit sha 310194fc5d23891ac39912439724a91336f30ad7

Direct users to our GitHub issues instead of npm.community

view details

push time in 2 days

Pull request review commentnpm/cli

new npm-specific update-notifier implementation

 module.exports = (process) => {   // this is how to use npm programmatically:   conf._exit = true   const updateNotifier = require('../lib/utils/update-notifier.js')-  npm.load(conf, er => {+  npm.load(conf, async er => {     if (er) return errorHandler(er) -    updateNotifier(npm)+    npm.updateNotification = await updateNotifier(npm)

So, the updateTimeout method would have to be split into two functions, one to check the timer and another to reset it.

isaacs

comment created time in 2 days

Pull request review commentnpm/cli

new npm-specific update-notifier implementation

 module.exports = (process) => {   // this is how to use npm programmatically:   conf._exit = true   const updateNotifier = require('../lib/utils/update-notifier.js')-  npm.load(conf, er => {+  npm.load(conf, async er => {     if (er) return errorHandler(er) -    updateNotifier(npm)+    npm.updateNotification = await updateNotifier(npm)

Hm. Yeah, we could do something like:

updateNotifier(npm).then(message => { npm.updateNotification = message })

and then it'll just get killed when the process exits if it doesn't finish in time.

But it means you won't ever get notified if you're running npm ls. Maybe that's good? Have to make sure the timer file doesn't get touched before pacote finishes though.

isaacs

comment created time in 2 days

push eventnpm/cli

isaacs

commit sha 4b5ea1de6aefaa9abd425526b6041a4a6e774ef0

update doctor command Pending unit tests still, but at least it works to a rough approximation now, instead of not working at all.

view details

isaacs

commit sha e1eec071445d9791dbfec270f73be341003cd65d

Direct users to our GitHub issues instead of npm.community

view details

push time in 2 days

push eventnpm/cli

isaacs

commit sha 290684227954a1979b34e8a5aed177d288899596

Direct users to our GitHub issues instead of npm.community

view details

push time in 2 days

PR closed npm/cli

refactor: replace lodash.without with Array#filter

The PR removes lodash.without dependency by replacing lodash.without with native JavaScript Array#filter.

+4 -1202

2 comments

9 changed files

SukkaW

pr closed time in 2 days

pull request commentnpm/cli

refactor: replace lodash.without with Array#filter

We're not able to land this in v6, because it's a breaking change, given the Node.js versions that v6 supports. But, if you'd like to send PRs against the release/v7.0.0-beta branch that replace lodash deps with native JavaScript, that'd be much appreciated!

SukkaW

comment created time in 2 days

PR closed npm/cli

refactor: replace lodash.uniq with ES6 Set

The PR drops lodash.uniq dependency.

lodash.uniq is bit too heavy. With Set we only need one line.

+5 -1042

2 comments

9 changed files

SukkaW

pr closed time in 2 days

pull request commentnpm/cli

refactor: replace lodash.uniq with ES6 Set

We're not able to land this in v6, because it's a breaking change, given the Node.js versions that v6 supports. But, if you'd like to send PRs against the release/v7.0.0-beta branch that replace lodash deps with native JavaScript, that'd be much appreciated!

SukkaW

comment created time in 2 days

PR opened npm/cli

Isaacs/doctor

Based on update-notifier refactor branch, land that first.

+787 -27988

0 comment

366 changed files

pr created time in 2 days

create barnchnpm/cli

branch : isaacs/doctor

created branch time in 2 days

pull request commentnpm/cli

new npm-specific update-notifier implementation

New styling: Screen Shot 2020-08-06 at 14 30 04

isaacs

comment created time in 3 days

push eventnpm/cli

isaacs

commit sha d062b2c02a4d6d5f1a274aa8eb9c5969ca6253db

new npm-specific update-notifier implementation This drops our usage of the update-notifier module, in favor of checking ourselves, using the modules and UX patterns that npm already has in place. - While on a prerelease version, updates are checked for every day, instead of every week, and always checks for a new beta in the current release family. Ie, ^7.0.0-beta.2 instead of latest. - Latest version is suggested if newer than current. - If current version is newer than latest, then we check again for an update in the current version family. Ie, ^7.0.0 instead of latest, if current is 7.0.0 and latest is 6.x. - Output is printed using log.notice, at the end of all other log output, so that it's both less visually disruptive, and less likely to be missed among other warnings and notices. This has the side effect of requiring that we set npm.flatOptions as soon as config is loaded, rather than waiting for a command to be run. Since the cli runs a command immediately after loading anyway, this is not a relevant change for our purposes, but worth mentioning here.

view details

isaacs

commit sha 655964d1503d7685504e7ae400e16cac7ae892b8

remove update-notifier module

view details

push time in 3 days

PR opened npm/cli

new npm-specific update-notifier implementation

This drops our usage of the update-notifier module, in favor of checking ourselves, using the modules and UX patterns that npm already has in place.

  • While on a prerelease version, updates are checked for every day, instead of every week, and always checks for a new beta in the current release family. Ie, ^7.0.0-beta.2 instead of latest.
  • Latest version is suggested if newer than current.
  • If current version is newer than latest, then we check again for an update in the current version family. Ie, ^7.0.0 instead of latest, if current is 7.0.0 and latest is 6.x.
  • Output is printed using log.notice, at the end of all other log output, so that it's both less visually disruptive, and less likely to be missed among other warnings and notices.

This has the side effect of requiring that we set npm.flatOptions as soon as config is loaded, rather than waiting for a command to be run. Since the cli runs a command immediately after loading anyway, this is not a relevant change for our purposes, but worth mentioning here.

+397 -27654

0 comment

356 changed files

pr created time in 3 days

create barnchnpm/cli

branch : isaacs/new-terse-update-notifier

created branch time in 3 days

issue openednpm/cli

Make view test snapshot deterministic

https://github.com/npm/cli/pull/1622/checks?check_run_id=951548971#step:5:469

Probably a good idea to replace any published .*? ago with a specific known string. Something like this:

t.cleanSnapshot = str => str.replace(/published .*? ago/g, 'published {TIME} ago'))

created time in 4 days

push eventnpm/cli

isaacs

commit sha ee0a256f88b67ed1681405764e902fd7a93dd6b1

update snapshots

view details

push time in 4 days

PR opened npm/cli

Improve abbrevs for install and help

The existence of 'install-test' and 'install-clean' make 'npm inst' no longer de-reference to 'npm install'. Similarly, the existence of 'help-search' prevents 'hel' from being a shorthand for 'help'.

This adds some artisanally hand-crafted abbreviations for these cases.

Fix: #1617

<!-- What / Why --> <!-- Describe the request in detail. What it does and why it's being changed. -->

References

<!-- Examples: Related to #0 Depends on #0 Blocked by #0 Fixes #0 Closes #0 -->

+30 -9

0 comment

2 changed files

pr created time in 4 days

create barnchnpm/cli

branch : isaacs/improve-abbrevs

created branch time in 4 days

issue commentnpm/cli

cli: `make docs` in clean checkout prior to v7.0.0-beta.0 doesn't build gatsby bin

The complete "fix" would be pretty costly, too. Basically, any arborist.buildIdealTree({ complete: true }) in the presence of a v1 lockfile will have to call pacote.manifest on the name@version of each item in the tree if the resolved value looks like the expected registry tarball, or on resolved if not (which means a lot more temp unpacks).

isaacs

comment created time in 4 days

issue commentnpm/cli

cli: `make docs` in clean checkout prior to v7.0.0-beta.0 doesn't build gatsby bin

Actually this only happens if you do npm i --package-lock-only ahead of doing npm install. I think we can potentially raise a warning if doing a package-lock-only install with an old lockfile, or even just WONTFIX this, but upon further investigation, it's not as high a priority as I initially thought.

isaacs

comment created time in 4 days

issue openednpm/cli

cli: `make docs` in clean checkout prior to v7.0.0-beta.0 doesn't build gatsby bin

It looks like, when we have a v6 lockfile and no node_modules folder, npm install will fail to create bins, because it does not re-check the package manifest to see that there's a bin entry, since it gets the nodes from the virtualTree.

loadVirtual will re-check the actual node_modules/.../package.json files for extra data when encountering a v6 lockfile. However, if they're not there, then we just have to deal with the incomplete data.

In this case, reify() (or buildIdealTree({ complete: true })) should fetch updated manifests from the registry, and fill in the blanks like loadVirtual would have from the node_modules/.../package.json files.

created time in 4 days

issue openednpm/arborist

memoize audit metavuln info to disk

Right now, when you have a project with a dependency p that has a lot of dependencies, all of which depend back on it, and where it also has a large number of published versions, it can send npm audit into a tailspin for quite a long time checking to see which versions of p are vulnerable by virtue of their dependence on a vulnerable module q. This is somewhat unavoidable the first time we audit something, but if nothing changes, we have to do all that work again when the user runs npm audit fix to fix the problem.

A possible approach to address this would be to cache the vulnerability->metavulnerability relationship somewhere predictable. The key should be determined such that any change to the advisory version range or available versions of q will invalidate it. Then, when we see a package p that depends on q, which is vulnerable within <range>, we can look in this cached result to see that p-q-<hash(q versions)>-<hash(range)> results in vulnerabilities in a set of versions p, and a list of the versions of p that were available at the time. Then, we only have to check any additional versions of p that we now have, and update the cached data.

This data should probably live in cacache somewhere, since it's not per-project. That would also help avoid a situation where one project already knows that some version of p is vulnerable for some other reason, by seeing any other metavulns applied against it.

created time in 4 days

issue openednpm/cli

Issues with `audit fix` in npm v5 style lockfile

The lockfile created by npm 5 puts the current version of dependencies into the requires set, rather than the intended dependency range. As a result, packages seem like they're vulnerable because they appear to be pinned to a vulnerable dep. However, when we get the packuments in the audit process, we see that they're not actually vulnerable, so it looks like npm audit fix will fix the problem. But then, when we run npm audit fix, we get an idealTree out of the package-lock.json that has the deps pinned again!

One solution might be to have audit correct the idealTree and refresh the lockfile metadata, so that the subsequent reify() call for audit({fix:true}) has the updated dependency ranges.

created time in 4 days

IssuesEvent

issue openednpm/cli

v7: exclude dev deps from `npm audit --production`

created time in 4 days

issue openednpm/cli

Handle `Could not resolve dependency tree` errors better

Arborist is putting a ton of useful info on those error objects in that case. Use it to provide a better experience. If relevant, suggest --legacy-peer-deps.

created time in 4 days

issue openednpm/cli

fix abbrevs

node insta, node insta -h, node help insta aren't working, and ought to.

created time in 4 days

issue closednpm/cli

npm init v7

npm init is currently failing in v7.0.0-beta branch.

closed time in 4 days

ruyadorno

issue closednpm/cli

reify-output error on --package-lock-only

Another error I hit while trying to clean up https://github.com/ruyadorno/eslintme

npm verb stack TypeError: Cannot read property 'action' of null
npm verb stack     at visit (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/lib/utils/reify-output.js:40:17)
npm verb stack     at visitNode (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/node_modules/treeverse/lib/depth.js:31:25)
npm verb stack     at depth (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/node_modules/treeverse/lib/depth.js:67:10)
npm verb stack     at reifyOutput (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/lib/utils/reify-output.js:37:3)
npm verb stack     at install (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/lib/install.js:65:5)

link ref: https://github.com/npm/cli/blob/5473bbda76fd0fbb3d8321c19bc045c71c06a44c/lib/utils/reify-output.js#L40

closed time in 4 days

ruyadorno

issue closednpm/cli

npm audit package-lock v1 error

Hit a strange error trying to do janitor work over https://github.com/ruyadorno/eslintme

npm verb stack TypeError: Cannot read property 'via' of undefined
npm verb stack     at printVuln (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/node_modules/npm-audit-report/lib/reporters/detail.js:73:14)
npm verb stack     at fullReport (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/node_modules/npm-audit-report/lib/reporters/detail.js:22:17)
npm verb stack     at Object.module.exports [as detail] (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/node_modules/npm-audit-report/lib/reporters/detail.js:9:27)
npm verb stack     at module.exports.Object.assign.reporters.reporters (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/node_modules/npm-audit-report/lib/index.js:34:32)
npm verb stack     at audit (/Users/ruyadorno/Documents/workspace/cli/v7.0.0-beta/lib/audit.js:19:20)
npm verb stack     at processTicksAndRejections (internal/process/task_queues.js:93:5)

line ref: https://github.com/npm/npm-audit-report/blob/latest/lib/reporters/detail.js#L73 problematic package-lock v1: https://github.com/ruyadorno/eslintme/blob/5797c7a7e18f7780b26e692061c71d64cd5285ed/package-lock.json

closed time in 4 days

ruyadorno

issue closednpm/cli

test and refactor lib/npm.js and bin/npm-cli.js

  • Remove some affordances that are no longer relevant (WScript messaging, onload-script support, npm.commandName instead of npm.commands['command-name'](), optional callback/args lists, etc.)
  • unit test up to 100% coverage
  • modernize code (make npm an instance of a class, const/let/arrow-functions, organize and clean up, etc.)

closed time in 4 days

isaacs

created tagnpm/cli

tagv7.0.0-beta.1

the package manager for JavaScript

created time in 4 days

push eventnpm/cli

isaacs

commit sha 0d9b1271d92271fccab086fa07b10bd18cf31cc8

7.0.0-beta.1

view details

push time in 4 days

push eventnpm/cli

isaacs

commit sha 835c1aa9fa5ae362123a0c23b0920c0e16a1bfa0

changelog for v7.0.0-beta.1

view details

push time in 4 days

push eventnpm/cli

isaacs

commit sha 81f5a05584ee0275992f8f7490d7e9ca47edb206

changelog for v7.0.0-beta.1

view details

push time in 4 days

push eventnpm/cli

isaacs

commit sha f151d72206e67160808094425dfc35c8ed86db8c

changelog for v7.0.0-beta.1

view details

push time in 4 days

push eventnpm/cli

isaacs

commit sha 57e031b8aaeca28ea0910924430ad704b0b5d495

chmod npx to 0755

view details

push time in 4 days

push eventnpm/cli

isaacs

commit sha cf27df035cfba4f859d14859229bb90841b8fda6

@npmcli/arborist@0.0.14 This makes the project installable with npm v6

view details

push time in 4 days

push eventnpm/arborist

isaacs

commit sha 9b9dabae2f2707479d6a5ea2cdadad1f141b289f

Omit peer deps from legacy lockfile requires lists

view details

isaacs

commit sha 3a475996d44159841aee4b8408a276668e094eb2

0.0.14

view details

push time in 4 days

created tagnpm/arborist

tagv0.0.14

npm's tree doctor

created time in 4 days

push eventnpm/cli

isaacs

commit sha 070139fe2d3784963002235270388582cad1bf2c

update update-notifier snapshot We really need to replace this with something lighter.

view details

push time in 5 days

push eventnpm/cli

isaacs

commit sha 0808328c93d9cd975837eeb53202ce3844e1cf70

pack: set correct filename for scoped packages This should probably be done in libnpmpack. Can be removed from here when it is.

view details

push time in 5 days

push eventnpm/cli

isaacs

commit sha 2c305e8b7bfa28b07812df74f46983fad2cb85b6

pack: output generated tarball filename Also, pass the options to `libnpmpack`, or else we end up getting invalid integrity values for remote tarballs for some reason. This fixes CITGM with npm v7.

view details

push time in 5 days

PR opened npm/cli

Reviewers
pack: output generated tarball filename

This fixes CITGM with npm v7.

cc: @MylesBorins

+67 -32

0 comment

2 changed files

pr created time in 5 days

create barnchnpm/cli

branch : isaacs/pack-output-filename

created branch time in 5 days

created tagnpm/cli

tagv7.0.0-beta.0

the package manager for JavaScript

created time in 5 days

push eventnpm/cli

isaacs

commit sha f7505572ef79b8801b408d52db1444017f5f21e9

7.0.0-beta.0

view details

isaacs

commit sha 8ac322d410fb64815525652d2b1f892c2662b733

update version in package-lock.json

view details

isaacs

commit sha d5d5adacfa7b0d49efca84c2a2e50ccf33653ae3

update docs deps

view details

push time in 5 days

push eventnpm/cli

isaacs

commit sha 9e5bac02794b263728e1a61175ec6a55a8438d7f

changelog v7.0.0-beta.0

view details

push time in 5 days

push eventnpm/cli

isaacs

commit sha a71d7f0adaaba063dd1ef4282101bf1f256edd5c

update AUTHORS

view details

Ruy Adorno

commit sha 5de4f81828f8c3c8b3b0870a62365b332afe2a6c

test: refactor dist-tag to test/lib - Refactored dist-tag tests into unit tests in test/lib - Small tweaks and fixes to dist-tag found while writing tests - Refactored lib/utils/read-local-package.js and its tests - Tweaked usage in consuming lib/owner.js PR-URL: https://github.com/npm/cli/pull/1611 Credit: @ruyadorno Close: #1611 Reviewed-by: @isaacs

view details

isaacs

commit sha 731df81640e08b2fe5387ee8c7f87b91c7089f60

@npmcli/arborist@0.0.13

view details

isaacs

commit sha 938369bf0f25810bd0769b588a37f9564f06401e

script to check that all bundled deps are actually used

view details

push time in 5 days

Pull request review commentnpm/cli

test: refactor dist-tag to test/lib

-exports = module.exports = readLocalPkg+'use strict' -var npm = require('../npm.js')-var readJson = require('read-package-json')+const { resolve } = require('path')+const readJson = require('read-package-json-fast')+const npm = require('../npm.js') -function readLocalPkg (cb) {-  if (npm.config.get('global')) return cb()-  var path = require('path')-  readJson(path.resolve(npm.prefix, 'package.json'), function (er, d) {-    return cb(er, d && d.name)-  })+async function readLocalPackageName (cb) {+  if (npm.flatOptions.global) {+    return+  }++  const filepath = resolve(npm.flatOptions.prefix, 'package.json')

return (await readJson(filePath)).name

ruyadorno

comment created time in 5 days

push eventnpm/arborist

isaacs

commit sha 31038b36977659e490bddc91d0c2df9d7a8aeff2

Avoid invalid auditReport with npm v5 lockfile npm version 5 created package-lock.json files that did not contain the full dependency spec in the 'requires' block. As a result, a node may _appear_ to be a meta-vulnerability, but when we scan for the versions that actually _are_ vulnerable, we don't find any. The AuditReport.delete() method was not removing the vuln from the 'effects' list of the vulnerabilities causing it, so this led to problems when trying to print the report, and being unable to find the missing items. There's still an issue where audit fix won't be able to fix the problem without first reifying to get a new lockfile, but since this only affects projects migrating from npm v5, the impact is more minor. cc: @ruyadorno

view details

isaacs

commit sha 1551d1a511415b93d41a88c9ae5277f15033f8a4

0.0.13

view details

push time in 5 days

created tagnpm/arborist

tagv0.0.13

npm's tree doctor

created time in 5 days

push eventnpm/cli

isaacs

commit sha 2437f651312499280f3d9eabbcca9e511db3d5ac

reify-output: do not blow up if diff is missing Fix #1595

view details

push time in 6 days

issue commentnpm/cli

npm init v7

working now, but sans tests.

ruyadorno

comment created time in 6 days

issue closednpm/cli

[BUG] loglevel is ignored by by fund and audit on `npm install`

What / Why

Currently, when you run npm install <module> --silent (or any other log filter), both fund and audit are logged. (Credit where credit is due: Tweet)

When

  • Audit: Whenever I npm install a module.
  • Fund: Whenever I npm install a module that resolves a module with a fund property in its dependency tree.

Where

  • npm/cli

Current Behavior

  • console.log()s both fund and audit no matter

Steps to Reproduce

<!-- Describe how to produce the issue -->

  • n/a

Expected Behavior

  • Both audit and fund should likely both be considered notice level logs and not appear in anything more strict than that (since notice is the default, this also makes sense with the current default behavior of both of them).

Credit where Credit is Due

closed time in 6 days

bnb

issue commentnpm/cli

[BUG] loglevel is ignored by by fund and audit on `npm install`

It's covered in v7. Closing now.

bnb

comment created time in 6 days

PR closed npm/cli

[Breaking] add "exports" field Release 7.x semver:major

Since npm v7 is imminent, it's a great opportunity to add the "exports" field, which is otherwise very hard to make nonbreaking.

I used the verbose form for ".", because node v13.0 and v13.1 require the string fallback, and if you ever want to add an ESM wrapper, this will make it trivial to add the "import" key to the object form correctly. I used the "default" key because some node versions will produce an unfortunate experimental warning if you use the "node" or "require" keys.

I also included package.json since a ton of tools rely on this information being requireable.

If there are other entry points that you'd want npm 7 to expose, please let me know and I'm happy to add them :-)

What / Why

<!-- Describe the request in detail -->

n/a

References

<!-- Examples

  • Related to #0
  • Depends on #0
  • Blocked by #0
  • Closes #0 -->
  • n/a
+9 -0

3 comments

1 changed file

ljharb

pr closed time in 6 days

pull request commentnpm/cli

[Breaking] add "exports" field

This will be in the v7 beta. Thanks!

ljharb

comment created time in 6 days

push eventnpm/cli

Jordan Harband

commit sha 9d2d604550d28420af356ec4cfa9fb5e69f794bc

[Breaking] add "exports" field Since npm v7 is imminent, it's a great opportunity to add the "exports" field, which is otherwise very hard to make nonbreaking. I used the verbose form for ".", because node v13.0 and v13.1 require the string fallback, and if you ever want to add an ESM wrapper, this will make it trivial to add the "import" key to the object form correctly. I used the "default" key because some node versions will produce an unfortunate experimental warning if you use the "node" or "require" keys. I also included package.json since a ton of tools rely on this information being requireable. PR-URL: https://github.com/npm/cli/pull/1413 Credit: @ljharb Close: #1413 Reviewed-by: @isaacs

view details

push time in 6 days

PR closed npm/cli

feat: `npm repo` support `repository.directory` field Needs Review Release 7.x semver:minor

Summary

This PR makes npm repo possible to open a given repository's full URL instead of its root URL with the new repository.directory field.

For example, npm repo react-dom opens https://github.com/facebook/react/tree/master/packages/react-dom.

Background

npm@6.8.0 shipped the new feature to support repository.field in package.json.

For example:

{
  "repository": {
    "type": "git",
    "url": "https://github.com/facebook/react.git",
    "directory": "packages/react-dom"
  }
}
  • https://docs.npmjs.com/files/package.json#repository
  • https://github.com/facebook/react/blob/v16.8.2/packages/react/package.json#L23

See also #140

+75 -2

6 comments

2 changed files

ybiquitous

pr closed time in 6 days

pull request commentnpm/cli

feat: `npm repo` support `repository.directory` field

This will be in the v7 beta. Thanks!

ybiquitous

comment created time in 6 days

push eventnpm/cli

Masafumi Koba

commit sha ebf7ac96f0bb0806b3e5ab4c86a7abea853c5714

feat: `npm repo` support `repository.directory` field Related: #140 PR-URL: https://github.com/npm/cli/pull/163 Credit: @ybiquitous Close: #163 Reviewd-By: @isaacs

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha 3aba8d62f060753a089e7108130624722d32453a

npx: add install prompt, handle options correctly - handle previous npx options that are still possible to be handled, and print a warning if any deprecated/removed options are used. - expand shorthands properly in npx command line. - take existing npm options into account when determining placement of the -- argument. - document changes from previous versions of npx. PR-URL: https://github.com/npm/cli/pull/1596 Credit: @isaacs Close: #1596 Reviewed-by: @ruyadorno

view details

Edward Thomson

commit sha f3b1d8068f8677cf0461159bba6658920c7dbfbf

GitHub Actions: add a win32 bash workflow Update the matrix to have two Windows workflows: one running PowerShell and one running bash.

view details

Ruy Adorno

commit sha 5b1f1b8bb835d41a60456f6e652e60868842fa1d

chore: removed .travis.yml file PR-URL: https://github.com/npm/cli/pull/1583 Credit: @ethomson Close: #1583 Reviewed-by: @isaacs

view details

isaacs

commit sha 7356d4a24231ff551de332ca0e8802cb39680bc1

Actions: remove v6 and v8, add v14 Accidentally landed this in the v7 branch, didn't realize it was based on v6.

view details

isaacs

commit sha 362e259c90d03d7bd0d0de3404b2ff7d810e58f3

remove unused production deps

view details

isaacs

commit sha f20e3924a4ec3efa5cef99e633b9dec908b1e160

gitignore package-lock.json files in node_modules

view details

isaacs

commit sha 05990d919852299b7858d8c899490f1d0118f340

ignore coverage and packed cli versions

view details

isaacs

commit sha 8981fc97dc89f99c6b1aa23cebd93493e14c6953

Reset dep install. Discover strange bundle dep bug The `tap` package bundles `import-jsx`, which in turn bundles `@babel/core` and a bunch of other stuff. However, even though `@babel/core` is in the bundle, it's getting placed in the tree at the root. This is a mistake. Because the node is placed, and not given the `extraneous` flag, in the ideal tree building process, when reified, it goes ahead and puts it in place. When reading the actual tree, we see a valid hidden lockfile, which contains the module, and it doens't have the extraneous flag. So everything seems fine. Remove the hidden lockfile, and the problem presents itself. Corrected here through some arduous and painstaking manual installs, so at least we have the tree in the state it *should* be for now. But this is a bug in arborist that must be fixed asap. Re: https://github.com/npm/cli/issues/1597

view details

isaacs

commit sha 4309661dd5b32a694bf5cefff99da62072055b4b

Set stdioString: true on install scripts

view details

isaacs

commit sha 53a888e64a0a912b086b26e2d1bcd5e52ae0b970

update: depth defaults to 0 now, not Infinity

view details

isaacs

commit sha e60ece34806cc5c8f94059df12344389eeccb512

@npmcli/arborist@0.0.11 Fix #1597

view details

isaacs

commit sha 3ee0870c97acf5aca969e68a7b678301c20ac81c

completion: code cleanup. still pending full unit tests

view details

isaacs

commit sha 26ea6d489f5b91d40925d1a0f523156ec5f39c38

remove unused lifecycle util

view details

isaacs

commit sha 040df40afe5cddbe14fca7872e3a6776573e6d4b

bin-links@2.1.3 @npmcli/arborist@0.0.12

view details

isaacs

commit sha d53768fc3672dca54c1ed8502e9ffa619720974f

Get 'make htmldocs' working There's still a task pending to get it actually up to date with non-conflicting peer deps and everything updated to remove deprecated and outdated packages. But at least it builds at all now.

view details

isaacs

commit sha 3c522bf70c98cea5185e2eac9874199bcca0b4cf

test: verify all commands have usage and completion

view details

isaacs

commit sha 5302cf3d24860283c6952fc6aa5611b95701cee3

refactor npm init, use npm exec instead of libnpx

view details

isaacs

commit sha 0b63d5078a5858b83dba943720c6d6dfe6eb808f

Fix lingering figgy puddy in login

view details

isaacs

commit sha 108a4fcb5da23c34690b4767a4c5f7f93ab99c0d

refactor and lint commands, make consistent Still pending test coverage for most of these, but wanted to give them a clean sweep to get the "load-all-commands" tests passing. The following changes are in here: - All commands now have a `completion()` method and a usage string that uses the same `usage` util consistently. - The `silent` argument to many commands has been removed. - All commands use the `cmd = ${cmd}(args).then(() => cb()).catch(cb)` pattern consistently. Full test coverage for all commands is still lacking, and will have to be done prior to the GA v7 release.

view details

isaacs

commit sha 5c4d19290547990949eba9ede1a15e74d93d2780

remove qw dependency Arrays of string literals are fine, and we're only using it in one place.

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha e780060b88f81f3fc84a1b712949349f413a3ea0

remove unused production deps

view details

isaacs

commit sha 80044bf7b6598a2f0a4fb76fc9cbbfc876088d0e

gitignore package-lock.json files in node_modules

view details

isaacs

commit sha 804e51e7f99e19b624b4ab0fc7675e0caac1d778

ignore coverage and packed cli versions

view details

isaacs

commit sha d9e074c18d53afed3161e1b937f1bcd52a9713ae

Reset dep install. Discover strange bundle dep bug The `tap` package bundles `import-jsx`, which in turn bundles `@babel/core` and a bunch of other stuff. However, even though `@babel/core` is in the bundle, it's getting placed in the tree at the root. This is a mistake. Because the node is placed, and not given the `extraneous` flag, in the ideal tree building process, when reified, it goes ahead and puts it in place. When reading the actual tree, we see a valid hidden lockfile, which contains the module, and it doens't have the extraneous flag. So everything seems fine. Remove the hidden lockfile, and the problem presents itself. Corrected here through some arduous and painstaking manual installs, so at least we have the tree in the state it *should* be for now. But this is a bug in arborist that must be fixed asap. Re: https://github.com/npm/cli/issues/1597

view details

isaacs

commit sha 1a75d89492d5e068323f296b730f0a698b389810

Set stdioString: true on install scripts

view details

isaacs

commit sha 411d01fbc3b0cb04cd11cd25bbaac56b0c65fd3c

update: depth defaults to 0 now, not Infinity

view details

isaacs

commit sha 6fbb97a955f44cd4f0a2f3ea7d434d12e52659bd

@npmcli/arborist@0.0.11 Fix #1597

view details

isaacs

commit sha 1aad9fd718692df693b558f65bddf35a67ebd973

completion: code cleanup. still pending full unit tests

view details

isaacs

commit sha 7e2a282a422357d1580c771bfc611d5179352dd0

remove unused lifecycle util

view details

isaacs

commit sha 7ae53ebcfdfbb20b8985fe8d5a13715f4965d64e

bin-links@2.1.3 @npmcli/arborist@0.0.12

view details

isaacs

commit sha 771ca2f61c98842f7c96859994ba94fc887b2ac7

Get 'make htmldocs' working There's still a task pending to get it actually up to date with non-conflicting peer deps and everything updated to remove deprecated and outdated packages. But at least it builds at all now.

view details

isaacs

commit sha 6f51d1b2d0fb0ccbbc96c3677418edbd8e16dbc5

test: verify all commands have usage and completion

view details

isaacs

commit sha 4824b28f5e8d6298db06628dbd4fa86753eb54f4

refactor npm init, use npm exec instead of libnpx

view details

isaacs

commit sha 0e4b706ee37484897415c60cc5ee9866466758a0

Fix lingering figgy puddy in login

view details

isaacs

commit sha 84ccf381bde67969ce6efa0d632bbd0e05cbff41

refactor and lint commands, make consistent Still pending test coverage for most of these, but wanted to give them a clean sweep to get the "load-all-commands" tests passing. The following changes are in here: - All commands now have a `completion()` method and a usage string that uses the same `usage` util consistently. - The `silent` argument to many commands has been removed. - All commands use the `cmd = ${cmd}(args).then(() => cb()).catch(cb)` pattern consistently. Full test coverage for all commands is still lacking, and will have to be done prior to the GA v7 release.

view details

isaacs

commit sha 8417d2474d31b15b4b6447883518a6df6c5fd62d

remove qw dependency Arrays of string literals are fine, and we're only using it in one place.

view details

isaacs

commit sha e37777f8475425279e2a79a70b90f73732747472

test: enforce full coverage Also, get Windows up to full coverage. PR-URL: https://github.com/npm/cli/pull/1598 Credit: @isaacs Close: #1598 Reviewed-by: @ruyadorno

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha 4b573bbd5ecfc75ae9510ddf78d2567874556f6b

test: enforce full coverage Also, get Windows up to full coverage.

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha 8ed92bf71462b576a580480b344bcb58f20fcf2d

x

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha c782ac372c6350140b3dba65f1132ffd4640522a

test: 100% coverage on Windows

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha d8137f49b5108b8b674a5c2ee77efc6761e92520

x

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha 02cf3b37dfc3189d3386b782714934210e919263

DELETEME: run coverage report on windows

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha d7ac8d932d728ae4609034dff73a318c1bb302dd

DELETEME: run coveralls report on windows

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha 84ccf381bde67969ce6efa0d632bbd0e05cbff41

refactor and lint commands, make consistent Still pending test coverage for most of these, but wanted to give them a clean sweep to get the "load-all-commands" tests passing. The following changes are in here: - All commands now have a `completion()` method and a usage string that uses the same `usage` util consistently. - The `silent` argument to many commands has been removed. - All commands use the `cmd = ${cmd}(args).then(() => cb()).catch(cb)` pattern consistently. Full test coverage for all commands is still lacking, and will have to be done prior to the GA v7 release.

view details

isaacs

commit sha 8417d2474d31b15b4b6447883518a6df6c5fd62d

remove qw dependency Arrays of string literals are fine, and we're only using it in one place.

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha 573db0d291292cb00ed1a3846a9d21fd67abeb1b

Actions: remove v6 and v8, add v14 Accidentally landed this in the v7 branch, didn't realize it was based on v6.

view details

isaacs

commit sha e780060b88f81f3fc84a1b712949349f413a3ea0

remove unused production deps

view details

isaacs

commit sha 80044bf7b6598a2f0a4fb76fc9cbbfc876088d0e

gitignore package-lock.json files in node_modules

view details

isaacs

commit sha 804e51e7f99e19b624b4ab0fc7675e0caac1d778

ignore coverage and packed cli versions

view details

isaacs

commit sha d9e074c18d53afed3161e1b937f1bcd52a9713ae

Reset dep install. Discover strange bundle dep bug The `tap` package bundles `import-jsx`, which in turn bundles `@babel/core` and a bunch of other stuff. However, even though `@babel/core` is in the bundle, it's getting placed in the tree at the root. This is a mistake. Because the node is placed, and not given the `extraneous` flag, in the ideal tree building process, when reified, it goes ahead and puts it in place. When reading the actual tree, we see a valid hidden lockfile, which contains the module, and it doens't have the extraneous flag. So everything seems fine. Remove the hidden lockfile, and the problem presents itself. Corrected here through some arduous and painstaking manual installs, so at least we have the tree in the state it *should* be for now. But this is a bug in arborist that must be fixed asap. Re: https://github.com/npm/cli/issues/1597

view details

isaacs

commit sha 1a75d89492d5e068323f296b730f0a698b389810

Set stdioString: true on install scripts

view details

isaacs

commit sha 411d01fbc3b0cb04cd11cd25bbaac56b0c65fd3c

update: depth defaults to 0 now, not Infinity

view details

isaacs

commit sha 6fbb97a955f44cd4f0a2f3ea7d434d12e52659bd

@npmcli/arborist@0.0.11 Fix #1597

view details

isaacs

commit sha 1aad9fd718692df693b558f65bddf35a67ebd973

completion: code cleanup. still pending full unit tests

view details

isaacs

commit sha 7e2a282a422357d1580c771bfc611d5179352dd0

remove unused lifecycle util

view details

isaacs

commit sha 7ae53ebcfdfbb20b8985fe8d5a13715f4965d64e

bin-links@2.1.3 @npmcli/arborist@0.0.12

view details

isaacs

commit sha 771ca2f61c98842f7c96859994ba94fc887b2ac7

Get 'make htmldocs' working There's still a task pending to get it actually up to date with non-conflicting peer deps and everything updated to remove deprecated and outdated packages. But at least it builds at all now.

view details

isaacs

commit sha 6f51d1b2d0fb0ccbbc96c3677418edbd8e16dbc5

test: verify all commands have usage and completion

view details

isaacs

commit sha 4824b28f5e8d6298db06628dbd4fa86753eb54f4

refactor npm init, use npm exec instead of libnpx

view details

isaacs

commit sha 0e4b706ee37484897415c60cc5ee9866466758a0

Fix lingering figgy puddy in login

view details

isaacs

commit sha 9b5ed994cd24511d303517ec7a46b992d064d32c

refactor and lint commands, make consistent Still pending test coverage for most of these, but wanted to give them a clean sweep to get the "load-all-commands" tests passing. The following changes are in here: - All commands now have a `completion()` method and a usage string that uses the same `usage` util consistently. - The `silent` argument to many commands has been removed. - All commands use the `cmd = ${cmd}(args).then(() => cb()).catch(cb)` pattern consistently. Full test coverage for all commands is still lacking, and will have to be done prior to the GA v7 release.

view details

isaacs

commit sha 5cd77d5a6f49e34c63be8ff7fbb6a30ed4518363

remove qw dependency Arrays of string literals are fine, and we're only using it in one place.

view details

push time in 6 days

push eventnpm/cli

isaacs

commit sha 573db0d291292cb00ed1a3846a9d21fd67abeb1b

Actions: remove v6 and v8, add v14 Accidentally landed this in the v7 branch, didn't realize it was based on v6.

view details

push time in 6 days

PR opened npm/cli

Isaacs/unit test config commands

<!-- What / Why --> <!-- Describe the request in detail. What it does and why it's being changed. -->

References

<!-- Examples: Related to #0 Depends on #0 Blocked by #0 Fixes #0 Closes #0 -->

+21024 -101560

0 comment

1475 changed files

pr created time in 6 days

push eventnpm/cli

isaacs

commit sha f1057becd161f15c0fa4f1b1f848dc0757706e1e

remove qw dependency Arrays of string literals are fine, and we're only using it in one place.

view details

isaacs

commit sha 6eef27b53f9e2e85302cf8748966946db14028a4

wip

view details

push time in 6 days

push eventnpm/cli

Ruy Adorno

commit sha 68a16d6dbc796f8f527bc28643a111c3ca2a9b1d

chore: refactor fund tests to test/lib Refactored `npm fund` tests to use new `test/lib/` unit tests structure. ref: npm/statusboard#151 PR-URL: https://github.com/npm/cli/pull/1582 Credit: @ruyadorno Close: #1582 Reviewed-by: @isaacs

view details

Ruy Adorno

commit sha 4906ee543d6d43b7b62b9e9b4c349a0c3a6101da

fix: npm fund colors :rainbow: PR-URL: https://github.com/npm/cli/pull/1593 Credit: @ruyadorno Close: #1593 Reviewed-by: @isaacs EDIT(@isaacs): Added black background to the highlighted text so that it won't disappear on light terminal settings.

view details

claudiahdz

commit sha 87d27d389065609e94ee218ab001972fc0041fe9

chore: refactor npm view, add unit tests PR-URL: https://github.com/npm/cli/pull/1606 Credit: @claudiahdz Close: #1606 Reviewed-by: @isaacs

view details

isaacs

commit sha 43eca4ac4d97d2a4cccb9af54ad703895e826031

npx: add install prompt, handle options correctly - handle previous npx options that are still possible to be handled, and print a warning if any deprecated/removed options are used. - expand shorthands properly in npx command line. - take existing npm options into account when determining placement of the -- argument. - document changes from previous versions of npx. PR-URL: https://github.com/npm/cli/pull/1596 Credit: @isaacs Close: #1596 Reviewed-by: @ruyadorno

view details

Edward Thomson

commit sha e36b55ed14fb38f33485c645475c1265e95c814d

GitHub Actions: add a win32 bash workflow Update the matrix to have two Windows workflows: one running PowerShell and one running bash.

view details

Ruy Adorno

commit sha 9146232c2a6f7e0f8181ea68f79c33c10525f825

chore: removed .travis.yml file PR-URL: https://github.com/npm/cli/pull/1583 Credit: @ethomson Close: #1583 Reviewed-by: @isaacs

view details

isaacs

commit sha 258b9cda3d3dcaad15fe2be0fc1bfee6897e0396

remove unused production deps

view details

isaacs

commit sha 596a33b6bfa77d71d1feb68a7c6df4d9259093fd

gitignore package-lock.json files in node_modules

view details

isaacs

commit sha 87fd909e5eae89e8889e01855e4f69cde71da15c

ignore coverage and packed cli versions

view details

isaacs

commit sha 0331aa1c4ddaba04856773055708bb807b499c78

Reset dep install. Discover strange bundle dep bug The `tap` package bundles `import-jsx`, which in turn bundles `@babel/core` and a bunch of other stuff. However, even though `@babel/core` is in the bundle, it's getting placed in the tree at the root. This is a mistake. Because the node is placed, and not given the `extraneous` flag, in the ideal tree building process, when reified, it goes ahead and puts it in place. When reading the actual tree, we see a valid hidden lockfile, which contains the module, and it doens't have the extraneous flag. So everything seems fine. Remove the hidden lockfile, and the problem presents itself. Corrected here through some arduous and painstaking manual installs, so at least we have the tree in the state it *should* be for now. But this is a bug in arborist that must be fixed asap. Re: https://github.com/npm/cli/issues/1597

view details

isaacs

commit sha e14d42a089ea3fa42d0cd8fb026607fab9d681cb

Set stdioString: true on install scripts

view details

isaacs

commit sha 3c34e7f27e6e2063a48c4c2318610c1734cc3a15

update: depth defaults to 0 now, not Infinity

view details

isaacs

commit sha 3450b6dcf9e1943e063fbe3dad534e5f495f4604

@npmcli/arborist@0.0.11 Fix #1597

view details

isaacs

commit sha 6096727c52db998c94fdcd512d9b29f9c7aa15eb

completion: code cleanup. still pending full unit tests

view details

isaacs

commit sha 4bd36ce36d5db0a3a205082a16b79602f3b55391

remove unused lifecycle util

view details

isaacs

commit sha 854418f82bfe71499dac3da115de55fc4cda6b81

bin-links@2.1.3 @npmcli/arborist@0.0.12

view details

isaacs

commit sha b3edd28cffea5ce922b5e3e852343d7bfa913754

Get 'make htmldocs' working There's still a task pending to get it actually up to date with non-conflicting peer deps and everything updated to remove deprecated and outdated packages. But at least it builds at all now.

view details

isaacs

commit sha 2e0b0cba380803fd159960809011118fec30a1e9

test: verify all commands have usage and completion

view details

isaacs

commit sha cc0a13d4d95549c2a01335a513d60f6ac5b3bec0

refactor npm init, use npm exec instead of libnpx

view details

isaacs

commit sha f19d1f7400178a9c1728a858bc387f1a47b04da8

Fix lingering figgy puddy in login

view details

push time in 6 days

create barnchnpm/cli

branch : isaacs/unit-test-config-commands

created branch time in 6 days

PR closed npm/cli

GitHub Actions: add a win32 bash workflow

Update the CI matrix to have two Windows workflows: one running PowerShell and one running bash.

+14 -22

1 comment

2 changed files

ethomson

pr closed time in 6 days

pull request commentnpm/cli

GitHub Actions: add a win32 bash workflow

Landed on v7 beta branch. Thanks!

ethomson

comment created time in 6 days

push eventnpm/cli

Edward Thomson

commit sha e36b55ed14fb38f33485c645475c1265e95c814d

GitHub Actions: add a win32 bash workflow Update the matrix to have two Windows workflows: one running PowerShell and one running bash.

view details

Ruy Adorno

commit sha 9146232c2a6f7e0f8181ea68f79c33c10525f825

chore: removed .travis.yml file PR-URL: https://github.com/npm/cli/pull/1583 Credit: @ethomson Close: #1583 Reviewed-by: @isaacs

view details

push time in 6 days

PR closed npm/cli

npx: add install prompt, handle options correctly
  • handle previous npx options that are still possible to be handled, and print a warning if any deprecated/removed options are used.
  • expand shorthands properly in npx command line.
  • take existing npm options into account when determining placement of the -- argument.
  • document changes from previous versions of npx.
+471 -21

0 comment

11 changed files

isaacs

pr closed time in 6 days

push eventnpm/cli

isaacs

commit sha 43eca4ac4d97d2a4cccb9af54ad703895e826031

npx: add install prompt, handle options correctly - handle previous npx options that are still possible to be handled, and print a warning if any deprecated/removed options are used. - expand shorthands properly in npx command line. - take existing npm options into account when determining placement of the -- argument. - document changes from previous versions of npx. PR-URL: https://github.com/npm/cli/pull/1596 Credit: @isaacs Close: #1596 Reviewed-by: @ruyadorno

view details

push time in 6 days

push eventnpm/cli

Ruy Adorno

commit sha 68a16d6dbc796f8f527bc28643a111c3ca2a9b1d

chore: refactor fund tests to test/lib Refactored `npm fund` tests to use new `test/lib/` unit tests structure. ref: npm/statusboard#151 PR-URL: https://github.com/npm/cli/pull/1582 Credit: @ruyadorno Close: #1582 Reviewed-by: @isaacs

view details

Ruy Adorno

commit sha 4906ee543d6d43b7b62b9e9b4c349a0c3a6101da

fix: npm fund colors :rainbow: PR-URL: https://github.com/npm/cli/pull/1593 Credit: @ruyadorno Close: #1593 Reviewed-by: @isaacs EDIT(@isaacs): Added black background to the highlighted text so that it won't disappear on light terminal settings.

view details

claudiahdz

commit sha 87d27d389065609e94ee218ab001972fc0041fe9

chore: refactor npm view, add unit tests PR-URL: https://github.com/npm/cli/pull/1606 Credit: @claudiahdz Close: #1606 Reviewed-by: @isaacs

view details

isaacs

commit sha f6a198b2c8444e207dba3e3084bc1fda9aa1f0bf

npx: add install prompt, handle options correctly - handle previous npx options that are still possible to be handled, and print a warning if any deprecated/removed options are used. - expand shorthands properly in npx command line. - take existing npm options into account when determining placement of the -- argument. - document changes from previous versions of npx.

view details

push time in 6 days

PR closed npm/cli

Reviewers
Fix fund colors Enhancement Release 7.x

⚠️ Merge #1582 first (this builds on top of that)

Colors were always missing from fund, since they were somewhat messed up on npm ls it never bothered me that much but now that they're fixed there it hurts my eye to see the raw output from npm fund - I'm adding at least the default chalk color so that it looks better with terminal color schemes.

Before

Screen Shot 2020-07-31 at 4 28 18 PM

After

Screen Shot 2020-07-31 at 4 28 28 PM

npm ls (for ref)

Screen Shot 2020-07-31 at 4 44 37 PM

+887 -638

2 comments

5 changed files

ruyadorno

pr closed time in 6 days

pull request commentnpm/cli

Fix fund colors

Landed on 4906ee543d6d43b7b62b9e9b4c349a0c3a6101da, thanks!

ruyadorno

comment created time in 6 days

PR closed npm/cli

chore: refactor fund tests to test/lib Enhancement Release 7.x

Refactored npm fund tests to use new test/lib/ unit tests structure.

ref: npm/statusboard#151

+758 -591

2 comments

4 changed files

ruyadorno

pr closed time in 6 days

pull request commentnpm/cli

chore: refactor fund tests to test/lib

Landed on 5473bbda76fd0fbb3d8321c19bc045c71c06a44c, thanks!

ruyadorno

comment created time in 6 days

PR closed npm/cli

Reviewers
v7: npm view Release 7.x

npm view refactor and unit tests

+987 -641

1 comment

4 changed files

claudiahdz

pr closed time in 6 days

pull request commentnpm/cli

v7: npm view

Landed on 87d27d389065609e94ee218ab001972fc0041fe9. Thanks!

claudiahdz

comment created time in 6 days

more