diff options
| author | Kat Marchán <kzm@sykosomatic.org> | 2017-05-28 21:04:08 -0700 |
|---|---|---|
| committer | Anna Henningsen <anna@addaleax.net> | 2017-05-29 18:06:04 +0200 |
| commit | c58cea5a163cd5d7133e00fdf257325ce3807c09 (patch) | |
| tree | 1b7f97c0474f1990450a54e82b4432ec37de1956 /deps/npm | |
| parent | 88fe7e84e56e44a727169c07ee040cbf67f9c0a8 (diff) | |
| download | android-node-v8-c58cea5a163cd5d7133e00fdf257325ce3807c09.tar.gz android-node-v8-c58cea5a163cd5d7133e00fdf257325ce3807c09.tar.bz2 android-node-v8-c58cea5a163cd5d7133e00fdf257325ce3807c09.zip | |
deps: upgrade npm to 5.0.0
PR-URL: https://github.com/nodejs/node/pull/13276
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Diffstat (limited to 'deps/npm')
230 files changed, 7639 insertions, 3413 deletions
diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md index e55bcab3da..e2a8004b8d 100644 --- a/deps/npm/CHANGELOG.md +++ b/deps/npm/CHANGELOG.md @@ -1,1566 +1,125 @@ -## v4.6.1 (2017-04-21) +## v5.0.0 (2017-05-25) -A little release to tide you over while we hammer out the last bits for npm@5. +Wowowowowow npm@5! -### FEATURES +This release marks months of hard work for the young, scrappy, and hungry CLI +team, and includes some changes we've been hoping to do for literally years. +npm@5 takes npm a pretty big step forward, significantly improving its +performance in almost all common situations, fixing a bunch of old errors due to +the architecture, and just generally making it more robust and fault-tolerant. +It comes with changes to make life easier for people doing monorepos, for users +who want consistency/security guarantees, and brings semver support to git +dependencies. See below for all the deets! -* [`d13c9b2f2`](https://github.com/npm/npm/commit/d13c9b2f24b6380427f359b6e430b149ac8aaa79) - `init-package-json@1.10.0`: - The `name:` prompt is now `package name:` to make this less ambiguous for new users. +### Breaking Changes - The default package name is now a valid package name. For example: If your package directory - has mixed case, the default package name will be all lower case. -* [`f08c66323`](https://github.com/npm/npm/commit/f08c663231099f7036eb82b92770806a3a79cdf1) - [#16213](https://github.com/npm/npm/pull/16213) - Add `--allow-same-version` option to `npm version` so that you can use `npm version` to run - your version lifecycles and tag your git repo without actually changing the version number in - your `package.json`. - ([@lucastheisen](https://github.com/lucastheisen)) -* [`f5e8becd0`](https://github.com/npm/npm/commit/f5e8becd05e0426379eb0c999abdbc8e87a7f6f2) - Timing has been added throughout the install implementation. You can see it by running - a command with `--loglevel=timing`. You can also run commands with `--timing` which will write - an `npm-debug.log` even on success and add an entry to `_timing.json` in your cache with - the timing information from that run. - ([@iarna](https://github.com/iarna)) +* Existing npm caches will no longer be used: you will have to redownload any cached packages. There is no tool or intention to reuse old caches. ([#15666](https://github.com/npm/npm/pull/15666)) -### BUG FIXES +* `npm install ./packages/subdir` will now create a symlink instead of a regular installation. `file://path/to/tarball.tgz` will not change -- only directories are symlinked. ([#15900](https://github.com/npm/npm/pull/15900)) -* [`9c860f2ed`](https://github.com/npm/npm/commit/9c860f2ed3bdea1417ed059b019371cd253db2ad) - [#16021](https://github.com/npm/npm/pull/16021) - Fix a crash in `npm doctor` when used with a registry that does not support - the `ping` API endpoint. - ([@watilde](https://github.com/watilde)) -* [`65b9943e9`](https://github.com/npm/npm/commit/65b9943e9424c67547b0029f02b0258e35ba7d26) - [#16364](https://github.com/npm/npm/pull/16364) - Shorten the ELIFECYCLE error message. The shorter error message should make it much - easier to discern the actual cause of the error. - ([@j-f1](https://github.com/j-f1)) -* [`a87a4a835`](https://github.com/npm/npm/commit/a87a4a8359693518ee41dfeb13c5a8929136772a) - `npmlog@4.0.2`: - Fix flashing of the progress bar when your terminal is very narrow. - ([@iarna](https://github.com/iarna)) -* [`41c10974f`](https://github.com/npm/npm/commit/41c10974fe95a2e520e33e37725570c75f6126ea) - `write-file-atomic@1.3.2`: - Wait for `fsync` to complete before considering our file written to disk. - This will improve certain sorts of Windows diagnostic problems. -* [`2afa9240c`](https://github.com/npm/npm/commit/2afa9240ce5b391671ed5416464f2882d18a94bc) - [#16336](https://github.com/npm/npm/pull/16336) - Don't ham-it-up when expecting JSON. - ([@bdukes](https://github.com/bdukes)) +* npm will now scold you if you capitalize its name. seriously it will fight you. -### DOCUMENTATION FIXES +* [npm will `--save` by default now](https://twitter.com/maybekatz/status/859229741676625920). Additionally, `package-lock.json` will be automatically created unless an `npm-shrinkwrap.json` exists. ([#15666](https://github.com/npm/npm/pull/15666)) -* [`566f3eebe`](https://github.com/npm/npm/commit/566f3eebe741f935b7c1e004bebf19b8625a1413) - [#16296](https://github.com/npm/npm/pull/16296) - Use a single convention when referring to the `<command>` you're running. - ([@desfero](https://github.com/desfero)) -* [`ccbb94934`](https://github.com/npm/npm/commit/ccbb94934d4f677f680c3e2284df3d0ae0e65758) - [#16267](https://github.com/npm/npm/pull/16267) - Fix a missing space in the example package.json. - ([@famousgarkin](https://github.com/famousgarkin)) +* Git dependencies support semver through `user/repo#semver:^1.2.3` ([#15308](https://github.com/npm/npm/pull/15308)) ([#15666](https://github.com/npm/npm/pull/15666)) ([@sankethkatta](https://github.com/sankethkatta)) -### DEPENDENCY UPDATES +* Git dependencies with `prepare` scripts will have their `devDependencies` installed, and `npm install` run in their directory before being packed. -* [`ebde4ea33`](https://github.com/npm/npm/commit/ebde4ea3363dfc154c53bd537189503863c9b3a4) - `hosted-git-info@2.4.2` -* [`c46ad71bb`](https://github.com/npm/npm/commit/c46ad71bbe27aaa9ee10e107d8bcd665d98544d7) - `init-package-json@1.9.6` -* [`d856d570d`](https://github.com/npm/npm/commit/d856d570d2df602767c039cf03439d647bba2e3d) - `npm-registry-client@8.1.1` -* [`4a2e14436`](https://github.com/npm/npm/commit/4a2e1443613a199665e7adbda034d5b9d10391a2) - `readable-stream@2.2.9` -* [`f0399138e`](https://github.com/npm/npm/commit/f0399138e6d6f1cd7f807d523787a3b129996301) - `normalize-package-data@2.3.8` +* `npm cache` commands have been rewritten and don't really work anything like they did before. ([#15666](https://github.com/npm/npm/pull/15666)) -### v4.5.0 (2017-03-24) +* `--cache-min` and `--cache-max` have been deprecated. ([#15666](https://github.com/npm/npm/pull/15666)) -Welcome a wrinkle on npm's registry API! +* Running npm while offline will no longer insist on retrying network requests. npm will now immediately fall back to cache if possible, or fail. ([#15666](https://github.com/npm/npm/pull/15666)) -Codename: Corgi +* package locks no longer exclude `optionalDependencies` that failed to build. This means package-lock.json and npm-shrinkwrap.json should now be cross-platform. ([#15900](https://github.com/npm/npm/pull/15900)) - +* If you generated your package lock against registry A, and you switch to registry B, npm will now try to [install the packages from registry B, instead of A](https://twitter.com/maybekatz/status/862834964932435969). If you want to use different registries for different packages, use scope-specific registries (`npm config set @myscope:registry=https://myownregist.ry/packages/`). Different registries for different unscoped packages are not supported anymore. -This release has some bug fixes, but it's mostly about bringing support for -MUCH smaller package metadata. How much smaller? Well, for npm itself it -reduces 416K of gzip compressed JSON to 24K. +* Shrinkwrap and package-lock no longer warn and exit without saving the lockfile. -As a user, all you have to do is update to get to use the new API. If -you're interested in the details we've [documented the -changes](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md) -in detail. +* Local tarballs can now only be installed if they have a file extensions `.tar`, `.tar.gz`, or `.tgz`. -#### CORGUMENTS +* A new loglevel, `notice`, has been added and set as default. -Package metadata: now smaller. This means a smaller cache and less to download. +* One binary to rule them all: `./cli.js` has been removed in favor of `./bin/npm-cli.js`. In case you were doing something with `./cli.js` itself. ([#12096](https://github.com/npm/npm/pull/12096)) ([@watilde](https://github.com/watilde)) -* [`86dad0d74`](https://github.com/npm/npm/commit/86dad0d747f288eab467d49c9635644d3d44d6f0) - Add support for filtered package metadata. - ([@iarna](https://github.com/iarna)) -* [`41789cffa`](https://github.com/npm/npm/commit/41789cffac9845603f4bdf3f5b03f412144a0e9f) - `npm-registry-client@8.1.0` - ([@iarna](https://github.com/iarna)) +* Stub file removed ([#16204](https://github.com/npm/npm/pull/16204)) ([@watilde](https://github.com/watilde)) -#### NO SHRINKWRAP, NO PROBLEM +* The "extremely legacy" `_token` couchToken has been removed. ([#12986](https://github.com/npm/npm/pull/12986)) -Previously we needed to extract every package's tarball to look for an -`npm-shrinkwrap.json` before we could begin working through what its -dependencies were. This was one of the things stopping npm's network -accesses from happening more concurrently. The new filtered package -metadata provides a new key, `_hasShrinkwrap`. When that's set to `false` -then we know we don't have to look for one. +### Feature Summary -* [`4f5060eb3`](https://github.com/npm/npm/commit/4f5060eb31b9091013e1d6a34050973613a294a3) - [#15969](https://github.com/npm/npm/pull/15969) - Add support for skipping `npm-shrinkwrap.json` extraction when the - registry can affirm that one doesn't exist. - ([@iarna](https://github.com/iarna)) +#### Installer changes -#### INTERRUPTING SCRIPTS +* A new, standardised lockfile feature meant for cross-package-manager compatibility (`package-lock.json`), and a new format and semantics for shrinkwrap. ([#16441](https://github.com/npm/npm/pull/16441)) -* [`878aceb25`](https://github.com/npm/npm/commit/878aceb25e6d6052dac15da74639ce274c8e62c5) - [#16129](https://github.com/npm/npm/pull/16129) - Better handle Ctrl-C while running scripts. `npm` will now no longer exit - until the script it is running has exited. If you press Ctrl-C a second - time it kill the script rather than just forwarding the Ctrl-C. - ([@jaridmargolin](https://github.com/jaridmargolin)) +* `--save` is no longer necessary. All installs will be saved by default. You can prevent saving with `--no-save`. Installing optional and dev deps is unchanged: use `-D/--save-dev` and `-O/--save-optional` if you want them saved into those fields instead. Note that since npm@3, npm will automatically update npm-shrinkwrap.json when you save: this will also be true for `package-lock.json`. ([#15666](https://github.com/npm/npm/pull/15666)) -#### DEPENDENCY UPDATES: +* Installing a package directory now ends up creating a symlink and does the Right Thing™ as far as saving to and installing from the package lock goes. If you have a monorepo, this might make things much easier to work with, and probably a lot faster too. 😁 ([#15900](https://github.com/npm/npm/pull/15900)) -* [`def75eebf`](https://github.com/npm/npm/commit/def75eebf1ad437bf4fd3f5e103cc2d963bd2a73) - `hosted-git-info@2.4.1`: - Preserve case of the user name part of shortcut specifiers, previously they were lowercased. - ([@iarna](https://github.com/iarna)) -* [`eb3789fd1`](https://github.com/npm/npm/commit/eb3789fd18cfb063de9e6f80c3049e314993d235) - `node-gyp@3.6.0`: Add support for VS2017 and Chakracore improvements. - ([@refack](https://github.com/refack)) - ([@kunalspathak](https://github.com/kunalspathak)) -* [`245e25315`](https://github.com/npm/npm/commit/245e25315524b95c0a71c980223a27719392ba75) - `readable-stream@2.2.6` ([@mcollina](https://github.com/mcollina)) -* [`30357ebc5`](https://github.com/npm/npm/commit/30357ebc5691d7c9e9cdc6e0fe7dc6253220c9c2) - `which@1.2.14` ([@isaacs](https://github.com/isaacs)) +* Project-level (toplevel) `preinstall` scripts now run before anything else, and can modify `node_modules` before the CLI reads it. -### v4.4.4 (2017-03-16) +* Two new scripts have been added, `prepack` and `postpack`, which will run on both `npm pack` and `npm publish`, but NOT on `npm install` (without arguments). Combined with the fact that `prepublishOnly` is run before the tarball is generated, this should round out the general story as far as putzing around with your code before publication. -😩😤😅 Okay! We have another `next` -release for ya today. So, yes! With v4.4.3 we fixed the bug that made -bundled scoped modules uninstallable. But somehow I overlooked the fact -that we: A) were using these and B) that made upgrading to v4.4.3 impossible. 😭 +* Git dependencies with `prepare` scripts will now [have their devDependencies installed, and their prepare script executed](https://twitter.com/maybekatz/status/860363896443371520) as if under `npm pack`. -So I've renamed those two scoped modules to no longer use scopes and we now -have a shiny new test to ensure that scoped modules don't creep into our -transitive deps and make it impossible to upgrade to `npm`. +* Git dependencies now support semver-based matching: `npm install git://github.com/npm/npm#semver:^5` (#15308, #15666) -(None of our woes applies to most of you all because most of you all don't -use bundled dependencies. `npm` does because we want the published artifact to be -installable without having to already have `npm`.) - -* [`2a7409fcb`](https://github.com/npm/npm/commit/2a7409fcba6a8fab716c80f56987b255983e048e) - [#16066](https://github.com/npm/npm/pull/16066) - Ensure we aren't using any scoped modules - Because `npm`s prior 4.4.3 can't install dependencies that have bundled scoped - modules. This didn't show up sooner because they ALSO had a bug that caused - bundled scoped modules to not be included in the bundle. - ([@iarna](https://github.com/iarna)) -* [`eb4c70796`](https://github.com/npm/npm/commit/eb4c70796c38f24ee9357f5d4a0116db582cc7a9) - [#16066](https://github.com/npm/npm/pull/16066) - Switch to move-concurrently to remove scoped dependency - ([@iarna](https://github.com/iarna)) - -### v4.4.3 (2017-03-15) - -This is a small patch release, mostly because the published tarball for -v4.4.2 was missing a couple of modules, due to a bug involving scoped -modules, bundled dependencies and legacy tree layouts. - -There are a couple of other things here that happened to be ready to go. So -without further ado… - -#### BUG FIXES - -* [`3d80f8f70`](https://github.com/npm/npm/commit/3d80f8f70679ad2b8ce7227d20e8dbce257a47b9) - [npm/fs-vacuum#6](https://github.com/npm/fs-vacuum/pull/6) - `fs-vacuum@1.2.1`: Make sure we never, ever remove home directories. Previously if your - home directory was entirely empty then we might `rmdir` it. - ([@helio-frota](https://github.com/helio-frota)) -* [`1af85ca9f`](https://github.com/npm/npm/commit/1af85ca9f4d625f948e85961372de7df3f3774e2) - [#16040](https://github.com/npm/npm/pull/16040) - Fix bug where bundled transitive dependencies that happened to be - installed under bundled scoped dependencies wouldn't be included in the - tarball when building a package. - ([@iarna](https://github.com/iarna)) -* [`13c7fdc2e`](https://github.com/npm/npm/commit/13c7fdc2e87456a87b1c9385a3daeae228ed7c95) - [#16040](https://github.com/npm/npm/pull/16040) - Fix a bug where bundled scoped dependencies couldn't be extracted. - ([@iarna](https://github.com/iarna)) -* [`d6cde98c2`](https://github.com/npm/npm/commit/d6cde98c2513fe160eab41e31c3198dfde993207) - [#16040](https://github.com/npm/npm/pull/16040) - Stop printing `ENOENT` errors more than once. - ([@iarna](https://github.com/iarna)) -* [`722fbf0f6`](https://github.com/npm/npm/commit/722fbf0f6cf4413cdc24b610bbd60a7dbaf2adfe) - [#16040](https://github.com/npm/npm/pull/16040) - Rewrite the `extract` action for greater clarity. - Specifically, this involves moving things around structurally to do the same - thing [`d0c6d194`](https://github.com/npm/npm/commit/d0c6d194) did, but in a more comprehensive manner. - This also fixes a long standing bug where errors from the move step would be - eaten during this phase and as a result we would get mysterious crashes in - the finalize phase when finalize tried to act on them. - ([@iarna](https://github.com/iarna)) -* [`6754dabb6`](https://github.com/npm/npm/commit/6754dabb6bd3301504efb3b62f36d3fe70958c19) - [#16040](https://github.com/npm/npm/pull/16040) - Flatten out `@npmcorp/move`'s deps for backwards compatibility reasons. Versions prior to this - one will fail to install any package that bundles a scoped dependency. This was responsible - for `ENOENT` errors during the `finalize` phase. - ([@iarna](https://github.com/iarna)) - -#### DOC UPDATES - -* [`fba51c582`](https://github.com/npm/npm/commit/fba51c582d1d08dd4aa6eb27f9044dddba91bb18) - [#15960](https://github.com/npm/npm/pull/15960) - Update troubleshooting and contribution guide links. - ([@watilde](https://github.com/watilde)) - - -### v4.4.2 (2017-03-09): - -This week, the focus on the release was mainly going through [all of npm's deps -that we manage -ourselves](https://github.com/npm/npm/wiki/npm-maintained-dependencies), and -making sure all their PRs and versions were up to date. That means there's a few -fixes here and there. Nothing too big codewise, though. - -The most exciting part of this release is probably our [shiny new -Contributing](https://github.com/npm/npm/blob/latest/CONTRIBUTING.md) and -[Troubleshooting](https://github.com/npm/npm/blob/latest/TROUBLESHOOTING.md) -docs! [@snopeks](https://github.com/snopeks) did some ✨fantastic✨ work hashing it -out, and we're really hoping this is a nice big step towards making contributing -to npm easier. The troubleshooting doc will also hopefully solve common issues -for people! Do you think something is missing from it? File a PR and we'll add -it! The current document is just a baseline for further editing and additions. - -Also there's maybe a bit of an easter egg in this release. 'Cause those are fun and I'm a huge nerd. 😉 - -#### DOCUMENTATION AHOY - -* [`07e997a`](https://github.com/npm/npm/commit/07e997a7ecedba7b29ad76ffb2ce990d5c0200fc) - [#15756](https://github.com/npm/npm/pull/15756) - Overhaul `CONTRIBUTING.md` and add new `TROUBLESHOOTING.md` files. 🙌🏼 - ([@snopeks](https://github.com/snopeks)) -* [`2f3e4b6`](https://github.com/npm/npm/commit/2f3e4b645cdc268889cf95ba24b2aae572d722ad) - [#15833](https://github.com/npm/npm/pull/15833) - Mention the [24-hour unpublish - policy](http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy) - on the main registry. - ([@carols10cents](https://github.com/carols10cents)) - -#### NOT REALLY FEATURES, NOT REALLY BUGFIXES. MORE LIKE TWEAKS? 🤔 - -* [`84be534`](https://github.com/npm/npm/commit/84be534aedb78c65cd8012427fc04871ceeccf90) - [#15888](https://github.com/npm/npm/pull/15888) - Stop flattening `ls`-tree output. From now on, deduped deps will be marked as - such in the place where they would've been before getting hoisted by the - installer. - ([@iarna](https://github.com/iarna)) -* [`e9a5dca`](https://github.com/npm/npm/commit/e9a5dca369ead646ab5922326cede1406c62bd3b) - [#15967](https://github.com/npm/npm/pull/15967) - Limit metadata fetches to 10 concurrent requests. - ([@iarna](https://github.com/iarna)) -* [`46aa9bc`](https://github.com/npm/npm/commit/46aa9bcae088740df86234fc199f7aef53b116df) - [#15967](https://github.com/npm/npm/pull/15967) - Limit concurrent installer actions to 10. - ([@iarna](https://github.com/iarna)) - -#### BUGFIXES - -* [`c3b994b`](https://github.com/npm/npm/commit/c3b994b71565eb4f943cce890bb887d810e6e2d4) - [#15901](https://github.com/npm/npm/pull/15901) - Use EXDEV aware move instead of rename. This will allow moving across devices - and moving when filesystems don't support renaming directories full of files. It might make folks using Docker a bit happier. - ([@iarna](https://github.com/iarna)) -* [`0de1a9c`](https://github.com/npm/npm/commit/0de1a9c1db90e6705c65c068df1fe82899e60d68) - [#15735](https://github.com/npm/npm/pull/15735) - Autocomplete support for npm scripts with `:` colons in the name. - ([@beyondcompute](https://github.com/beyondcompute)) -* [`84b0b92`](https://github.com/npm/npm/commit/84b0b92e7f78ec4add42e8161c555325c99b7f98) - [#15874](https://github.com/npm/npm/pull/15874) - Stop using [undocumented](https://github.com/nodejs/node/pull/11355) - `res.writeHeader` alias for `res.writeHead`. - ([@ChALkeR](https://github.com/ChALkeR)) -* [`895ffe4`](https://github.com/npm/npm/commit/895ffe4f3eecd674796395f91c30eda88aca6b36) - [#15824](https://github.com/npm/npm/pull/15824) - Fix empty versions column in `npm search` output. - ([@bcoe](https://github.com/bcoe)) -* [`38c8d7a`](https://github.com/npm/npm/commit/38c8d7adc1f43ab357d1e729ae7cd5d801a26e68) - `init-package-json@1.9.5`: [npm/init-package-json#61](https://github.com/npm/init-package-json/pull/61) Exclude existing `devDependencies` from being added to `dependencies`. Fixes [#12260](https://github.com/npm/npm/issues/12260). - ([@addaleax](https://github.com/addaleax)) - -### v4.4.1 (2017-03-06): - -This is a quick little patch release to forgo the update notification -checker if you're on an unsuported (but not otherwise broken) version of -Node.js. Right now that means 0.10 or 0.12. - -* [`56ac249`](https://github.com/npm/npm/commit/56ac249ef8ede1021f1bc62a0e4fe1e9ba556af2) - [#15864](https://github.com/npm/npm/pull/15864) - Only use `update-notifier` on supported versions. - ([@legodude17](https://github.com/legodude17)) - -### v4.4.0 (2017-02-23): - -Aaaah, [@iarna](https://github.com/iarna) here, it's been a little while -since I did one of these! This is a nice little release, we've got an -update notifier, vastly less verbose error messages, new warnings on package -metadata that will probably give you a bad day, and a sprinkling of bug -fixes. - -#### UPDATE NOTIFICATIONS - -We now have a little nudge to update your `npm`, courtesy of -[update-notifier](https://www.npmjs.com/package/update-notifier). - -* [`148ee66`](https://github.com/npm/npm/commit/148ee663740aa05877c64f16cdf18eba33fbc371) - [#15774](https://github.com/npm/npm/pull/15774) - `npm` will now check at start up to see if a newer version is available. - It will check once a day. If you want to disable this, set `optOut` to `true` in - `~/.config/configstore/update-notifier-npm.json`. - ([@ceejbot](https://github.com/ceejbot)) - -#### LESS VERBOSE ERROR MESSAGES - -`npm` has, for a long time, had very verbose error messages. There was a -lot of info in there, including the cause of the error you were seeing but -without a lot of experience reading them pulling that out was time consuming -and difficult. - -With this change the output is cut down substantially, centering the error -message. So, for example if you try to `npm run sdlkfj` then the entire -error you'll get will be: +* `node-gyp` now supports `node-gyp.cmd` on Windows ([#14568](https://github.com/npm/npm/pull/14568)) +* npm no longer blasts your screen with the whole installed tree. Instead, you'll see a summary report of the install that is much kinder on your shell real-estate. Specially for large projects. ([#15914](https://github.com/npm/npm/pull/15914)): ``` -npm ERR! missing script: sldkfj - -npm ERR! A complete log of this run can be found in: -npm ERR! /Users/rebecca/.npm/_logs/2017-02-24T00_41_36_988Z-debug.log +$ npm install +npm added 125, removed 32, updated 148 and moved 5 packages in 5.032s. +$ ``` -The CLI team has discussed cutting this down even further and stripping the -`npm ERR!` prefix off those lines too. We'd appreciate your feedback on -this! - -* [`e544124`](https://github.com/npm/npm/commit/e544124592583654f2970ec332003cfd00d04f2b) - [#15716](https://github.com/npm/npm/pull/15716) - Make error output less verbose. - ([@iarna](https://github.com/iarna)) -* [`166bda9`](https://github.com/npm/npm/commit/166bda97410d0518b42ed361020ade1887e684af) - [#15716](https://github.com/npm/npm/pull/15716) - Stop encouraging users to visit the issue tracker unless we know for - certain that it's an npm bug. - ([@iarna](https://github.com/iarna)) - -#### OTHER NEW FEATURES - -* [`53412eb`](https://github.com/npm/npm/commit/53412eb22c1c75d768e30f96d69ed620dfedabde) - [#15772](https://github.com/npm/npm/pull/15772) - We now warn if you have a module listed in both dependencies and - devDependencies. - ([@TedYav](https://github.com/TedYav)) -* [`426b180`](https://github.com/npm/npm/commit/426b1805904a13bdc5c0dd504105ba037270cbee) - [#15757](https://github.com/npm/npm/pull/15757) - Default reporting metrics to default registry. Previously it defaulted to using - `https://registry.npmjs.org`, now it will default to the result of - `npm config get registry`. For most folks this won't actually change anything, but it - means that folks who use a private registry will have metrics routed there by default. - This has the potential to be interesting because it means that in the - future private registry products ([npme](https://npme.npmjs.com/docs/)!) - will be able to report on these metrics. - ([@iarna](https://github.com/iarna)) - -#### BUG FIXES - -* [`8ea0de9`](https://github.com/npm/npm/commit/8ea0de98563648ba0db032acd4d23d27c4a50a66) - [#15716](https://github.com/npm/npm/pull/15716) - Write logs for `cb() never called` errors. -* [`c4e83dc`](https://github.com/npm/npm/commit/c4e83dca830b24305e3cb3201a42452d56d2d864) - Make it so that errors while reading the existing node_modules tree can't - result in installer crashes. - ([@iarna](https://github.com/iarna)) -* [`2690dc2`](https://github.com/npm/npm/commit/2690dc2684a975109ef44953c2cf0746dbe343bb) - Update `npm doctor` to not treat broken symlinks in your global modules as - a permission failure. This is particularly important if you link modules and your text - editor uses the convention of creating symlinks from `.#filename.js` to a - machine name and pid to lock files (eg emacs and compatible things). - ([@iarna](https://github.com/iarna)) -* [`f4c3f48`](https://github.com/npm/npm/commit/f4c3f489aa5787cf0d60e8436be2190e4b0d0ff7) - [#15777](https://github.com/npm/npm/pull/15777) - Not exactly a bug, but change a parameterless `.apply` to `.call`. - ([@notarseniy](https://github.com/notarseniy)) - -#### DEPENDENCY UPDATES - -* [`549dcff`](https://github.com/npm/npm/commit/549dcff58c7aaa1e7ba71abaa14008fdf2697297) - `rimraf@2.6.0`: - Retry EBUSY, ENOTEMPTY and EPERM on non-Windows platforms too. - More reliable `rimraf.sync` on Windows. - ([@isaacs](https://github.com/isaacs)) -* [`052dfb6`](https://github.com/npm/npm/commit/052dfb623da508f2b5f681da0258125552a18a4a) - `validate-npm-package-name@3.0.0`: - Remove ableist language in README. - Stop allowing ~'!()* in package names. - ([@tomdale](https://github.com/tomdale)) - ([@chrisdickinson](https://github.com/chrisdickinson)) -* [`6663ea6`](https://github.com/npm/npm/commit/6663ea6ac0f0ecec5a3f04a3c01a71499632f4dc) - `abbrev@1.1.0` ([@isaacs](https://github.com/isaacs)) -* [`be6de9a`](https://github.com/npm/npm/commit/be6de9aab9e20b6eac70884e8626161eebf8721a) - `opener@1.4.3` ([@dominic](https://github.com/dominic)) -* [`900a5e3`](https://github.com/npm/npm/commit/900a5e3e3411ec221306455f99b24b9ce35757c0) - `readable-stream@2.2.3` ([@RangerMauve](https://github.com/RangerMauve)) ([@mcollina](https://github.com/mcollina)) -* [`c972a8b`](https://github.com/npm/npm/commit/c972a8b0f20a61a79c45b6642f870bea8c55c7e4) - `tacks@1.2.6` - ([@iarna](https://github.com/iarna)) -* [`85a36ef`](https://github.com/npm/npm/commit/85a36efdac0c24501876875cb9ad40292024e0b0) - [`7ac9265`](https://github.com/npm/npm/commit/7ac9265c56b4d9eeaca6fcfb29513f301713e7bb) - `tap@10.2.0` - ([@isaacs](https://github.com/saacs)) - -### v4.3.0 (2017-02-09): - -Yay! Release time! It's a rainy day, and we have another smallish release for -y'all. These things are not necessarily related. Or are they 🌧🤔 - -As far as news go, you may have noticed that the CLI team dropped support for -`node@0.12` when that version went out of maintenance. Still, we've avoided -explicitly breaking it and `node@0.10` so far -- but not much longer. - -Sometime soon, the CLI team plans on switching over to language features only -available as of `node@4 LTS`, and will likely start dropping old versions of node -as they go out of maintenance. The new features are exciting! We're really -looking forward to using them in the core CLI (and its dependencies) as we keep up -with our current feature work. - -And speaking of features, this release is a minor bump due to a small change in -how `npm login` works for the sake of supporting OAuth-based login for npm -Enterprise users. But we won't leave the rest of y'all out -- we're working on a -larger version of this feature. Soon enough, you'll be able to log in to npm -with, say, GitHub -- and use some shiny features that come from the integration. -Or turn on 2FA and other such security features. Keep your eyes peeled for new -on this in the next few releases and our weekly newsletter! - -#### NEW AUTH TYPES - -There's a new command line option: `--auth-type`, which can be used to log in to -a supporting registry with OAuth2 or SAML. The current implementation is mainly -meant to support npmE customers, so if you're one of those: ask us about using -it! If not, just hold off cause we'll have a much more complete version of this -feature out soon. - -* [`ac8595e`](https://github.com/npm/npm/commit/ac8595e3c9b615ff95abc3301fac1262c434792c) [`bcf2dd8`](https://github.com/npm/npm/commit/bcf2dd8a165843255c06515fa044c6e4d3b71ca4) [`9298d20`](https://github.com/npm/npm/commit/9298d20af58b92572515bfa9cf7377bd4221dc7d) [`66b61bc`](https://github.com/npm/npm/commit/66b61bc42e81ee8a1ee00fc63517f62284140688) [`dc85de7`](https://github.com/npm/npm/commit/dc85de7df6bb61f7788611813ee82ae695a18f1f) - [#13389](https://github.com/npm/npm/pull/13389) - Implement single-sign-on support with `--auth-type` option. - ([@zkat](https://github.com/zkat)) - -#### FASTER STARTUP. SOMETIMES! - -`request` is pretty heavy. And it loads a bunch of things. It's actually a -pretty big chunk of npm's load time. This small patch by Rebecca will make it so -npm only loads that module when we're actually intending to make network -requests. Those of you who use npm commands that run offline might see a small -speedup in startup time. - -* [`ac73568`](https://github.com/npm/npm/commit/ac735682e666e8724549d56146821f3b8b018e25) - [#15631](https://github.com/npm/npm/pull/15631) - Lazy load `caching-registry-client`. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION - -* [`4ad9247`](https://github.com/npm/npm/commit/4ad9247aa82f7553c9667ee93c74ec7399d6ceec) - [#15630](https://github.com/npm/npm/pull/15630) - Fix formatting/rendering for root npm README. - ([@ungoldman](https://github.com/ungoldman)) - -#### DEPENDENCY UPDATES - -* [`8cc1112`](https://github.com/npm/npm/commit/8cc1112958638ff88ac2c24c4a065acacb93d64b) - [npm/hosted-git-info#21](https://github.com/npm/hosted-git-info/pull/21) - `hosted-git-info@2.2.0`: - Add support for `.tarball()` URLs. - ([@zkat](https://github.com/zkat)) -* [`6eacc1b`](https://github.com/npm/npm/commit/6eacc1bc1925fe3cc79fc97bdc3194d944fce55e) - `npm-registry-mock@1.1.0` - ([@addaleax](https://github.com/addaleax)) -* [`a9b6d77`](https://github.com/npm/npm/commit/a9b6d775e61cf090df0e13514c624f99bf31d1e7) - `aproba@1.1.1` - ([@iarna](https://github.com/iarna)) - -### v4.2.0 (2017-01-26): - -Hi all! I'm Kat, and I'm currently sitting in a train traveling at ~300km/h -through Spain. So clearly, this release should have *something* to do with -speed. And it does! Heck, with this release, you could say we're really -_blazing_, even. 🌲🔥😏 - -#### IMPROVED CLI SEARCH~ - -You might recall if you've been keeping up that one of the reasons for a -semver-major bump to `npm@4` was an improved CLI search (read: no longer blowing -up Node). The work done for that new search system, while still relying on a -full metadata download and local search, was also meant to act as groundwork for -then-ongoing work on a brand-new, smarter search system for npm. Shortly after -`npm@4` came out, the bulk of the server-side work was done, and with this -release, the npm CLI has integrated use of the new endpoint for high-quality, -fast-turnaround searches. - -No, seriously, it's *fast*. And *relevant*: - -[](https://github.com/npm/npm/pull/15481) - -Give it a shot! And remember to check out the new website version of the search, -too, which uses the same backend as the CLI now. 🎉 - -Incidentally, the backend is a public service, so you can write your own search -tools, be they web-based, CLI, or GUI-based. You can read up on the [full -documentation for the search -endpoint](https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#get-v1search), -and let us know about the cool things you come up with! - -* [`ce3ca51`](https://github.com/npm/npm/commit/ce3ca51ca2d60e15e901c8bf6256338e53e1eca2) - [#15481](https://github.com/npm/npm/pull/15481) - Add an internal `gunzip-maybe` utility for optional gunzipping. - ([@zkat](https://github.com/zkat)) -* [`e322932`](https://github.com/npm/npm/commit/e3229324d507fda10ea9e94fd4de8a4ae5025c75) [`a53055e`](https://github.com/npm/npm/commit/a53055e423f1fe168f05047aa0dfec6d963cb211) [`a1f4365`](https://github.com/npm/npm/commit/a1f436570730c6e4a173ca92d1967a87c29b7f2d) [`c56618c`](https://github.com/npm/npm/commit/c56618c62854ea61f6f716dffe7bcac80b5f4144) - [#15481](https://github.com/npm/npm/pull/15481) - Add support for using the new npm search endpoint for fast, quality search - results. Includes a fallback to "classic" search. - ([@zkat](https://github.com/zkat)) - -#### WHERE DID THE DEBUG LOGS GO - -This is another pretty significant change: Usually, when the npm process -crashed, you would get an `npm-debug.log` in your current working directory. -This debug log would get cleared out as soon as you ran npm again. This was a -bit annoying because 1) you would get a random file in your `git status` that -you might accidentally commit, and 2) if you hit a hard-to-reproduce bug and -instinctually tried again, you would no longer have access to the repro -`npm-debug.log`. - -So now, any time a crash happens, we'll save your debug logs to your cache -folder, under `_logs` (`~/.npm` on *nix, by default -- use `npm config get -cache` to see what your current value is). The cache will now hold a -(configurable) number of `npm-debug.log` files, which you can access in the -future. Hopefully this will help clean stuff up and reduce frustration from -missed repros! In the future, this will also be used by `npm report` to make it -super easy to put up issues about crashes you run into with npm. 💃🕺🏿👯♂️ - -* [`04fca22`](https://github.com/npm/npm/commit/04fca223a0f704b69340c5f81b26907238fad878) - [#11439](https://github.com/npm/npm/pull/11439) - Put debug logs in `$(npm get cache)/_logs` and store multiple log files. - ([@KenanY](https://github.com/KenanY)) - ([@othiym23](https://github.com/othiym23)) - ([@isaacs](https://github.com/isaacs)) - ([@iarna](https://github.com/iarna)) - -#### DOCS - -* [`ae8e71c`](https://github.com/npm/npm/commit/ae8e71c2b7d64d782af287a21e146d7cea6e5273) - [#15402](https://github.com/npm/npm/pull/15402) - Add missing backtick in one of the `npm doctor` messages. - ([@watilde](https://github.com/watilde), [@charlotteis](https://github.com/charlotteis)) -* [`821fee6`](https://github.com/npm/npm/commit/821fee6d0b12a324e035c397ae73904db97d07d2) - [#15480](https://github.com/npm/npm/pull/15480) - Clarify that unscoped packages can depend on scoped packages and vice-versa. - ([@chocolateboy](https://github.com/chocolateboy)) -* [`2ee45a8`](https://github.com/npm/npm/commit/2ee45a884137ae0706b7c741c671fef2cb3bac96) - [#15515](https://github.com/npm/npm/pull/15515) - Update minimum supported Node version number in the README to `node@>=4`. - ([@watilde](https://github.com/watilde)) -* [`af06aa9`](https://github.com/npm/npm/commit/af06aa9a357578a8fd58c575f3dbe55bc65fc376) - [#15520](https://github.com/npm/npm/pull/15520) - Add section to `npm-scope` docs to explain that scope owners will own scoped - packages with that scope. That is, user `@alice` is not allowed to publish to - `@bob/my-package` unless explicitly made an owner by user (or org) `@bob`. - ([@hzoo](https://github.com/hzoo)) -* [`bc892e6`](https://github.com/npm/npm/commit/bc892e6d07a4c6646480703641a4d71129c38b6d) - [#15539](https://github.com/npm/npm/pull/15539) - Replace `http` with `https` and fix typos in some docs. - ([@watilde](https://github.com/watilde)) -* [`1dfe875`](https://github.com/npm/npm/commit/1dfe875b9ac61a0ab9f61a2eab02bacf6cce583c) - [#15545](https://github.com/npm/npm/pull/15545) - Update Node.js download link to point to the right place. - ([@watilde](https://github.com/watilde)) - -#### DEPENDENCIES - - * [`b824bfb`](https://github.com/npm/npm/commit/b824bfbeb2d89c92762e9170b026af98b5a3668a) - `ansi-regex@2.1.1` - * [`81ea3e8`](https://github.com/npm/npm/commit/81ea3e8e4ea34cd9c2b418512dcb508abcee1380) - `mississippi@1.3.0` - -#### MISC - -* [`98df212`](https://github.com/npm/npm/commit/98df212a91fd6ff4a02b9cd247f4166f93d3977a) - [#15492](https://github.com/npm/npm/pull/15492) - Update the "master" node version used for AppVeyor to `node@7`. - ([@watilde](https://github.com/watilde)) -* [`d75fc03`](https://github.com/npm/npm/commit/d75fc03eda5364f12ac266fa4f66e31c2e44e864) - [#15413](https://github.com/npm/npm/pull/15413) - `npm run-script` now exits with the child process' exit code on exit. - ([@kapals](https://github.com/kapals)) - -### v4.1.2 (2017-01-12) - -We have a twee little release this week as we come back from the holidays. - -#### 0.12 IS UNSUPPORTED NOW (really) - -After [jumping the gun a -little](https://github.com/npm/npm/releases/tag/v4.0.2), we can now -officially remove 0.12 from our supported versions list. The Node.js -project has now officially ended even maintenance support for 0.12 and thus, -so will we. To reiterate from the last time we did this: - -What this means: - -* Your contributions will no longer block on the tests passing on 0.12. -* We will no longer block dependency upgrades on working with 0.12. -* Bugs filed on the npm CLI that are due to incompatibilities with 0.12 - (and older versions) will be closed with a strong urging to upgrade to a - supported version of Node. -* On the flip side, we'll continue to (happily!) accept patches that - address regressions seen when running the CLI with Node.js 0.12. - -What this doesn't mean: - -* The CLI is going to start depending on ES2015+ features. npm continues - to work, in almost all cases, all the way back to Node.js 0.8, and our - long history of backwards compatibility is a source of pride for the - team. -* We aren't concerned about the problems of users who, for whatever - reason, can't update to newer versions of npm. As mentioned above, we're - happy to take community patches intended to address regressions. - -We're not super interested in taking sides on what version of Node.js -you "should" be running. We're a workflow tool, and we understand that -you all have a diverse set of operational environments you need to be -able to support. At the same time, we _are_ a small team, and we need -to put some limits on what we support. Tracking what's supported by our -runtime's own team seems most practical, so that's what we're doing. - -* [`c7bbba8`](https://github.com/npm/npm/commit/c7bbba8744b62448103a1510c65d9751288abb5d) - Remove 0.12 from our supported versions list. - ([@iarna](https://github.com/iarna)) - -#### WRITING TO SYMLINKED `package.json` (AND OTHER FILES) - -If your `package.json`, `npm-shrinkwrap.json` or `.npmrc` were a symlink and -you used an `npm` command that modified one of these (eg `npm config set` or -`npm install --save`) then previously we would have removed your symlink and -replaced it with an ordinary file. While making these files symlinks is pretty -uncommon, this was still surprising behavior. With this fix we now overwrite -the _destination_ of the symlink and preserve the symlink itself. - -* [`a583983`](https://github.com/npm/npm/commit/a5839833d3de7072be06884b91902c093aff1aed) - [write-file-atomic/#5](https://github.com/npm/write-file-atomic/issues/5) - [#10223](https://github.com/npm/npm/10223) - `write-file-atomic@1.3.1`: - When the target is a symlink, write-file-atomic now overwrites the - _destination_ of the symlink, instead of replacing the symlink itself. This - makes it's behavior match `fs.writeFile`. - - Fixed a bug where it would ALWAYS fs.stat to look up default mode and chown - values even if you'd passed them in. (It still used the values you passed - in, but did a needless stat.) - ([@iarna](https://github.com/iarna)) - -#### DEPENDENCY UPDATES - -* [`521f230`](https://github.com/npm/npm/commit/521f230dd57261e64ac9613b3db62f5312971dca) - `node-gyp@3.5.0`: - Improvements to how Python is located. New `--devdir` flag. - ([@bnoordhuis](https://github.com/bnoordhuis)) - ([@mhart](https://github.com/mhart)) -* [`ccd83e8`](https://github.com/npm/npm/commit/ccd83e8a70d35fb0904f8a9adb2ff7ac8a6b2706) - `JSONStream@1.3.0`: - Add new emitPath option. - ([@nathanwills](https://github.com/nathanwills)) - -#### TEST IMPROVEMENTS - -* [`d76e084`](https://github.com/npm/npm/commit/d76e08463fd65705217624b861a1443811692f34) - Disable metric reporting for test suite even if the user has it enabled. - ([@iarna](https://github.com/iarna)) - -### v4.1.1 (2016-12-16) - -This fixes a bug in the metrics reporting where, if you had enabled it then -installs would create a metrics reporting process, that would create a -metrics reporting process, that would… well, you get the idea. The only -way to actually kill these processes is to turn off your networking, then -on MacOS/Linux kill them with `kill -9`. Alternatively you can just reboot. - -Anyway, this is a quick release to fix that bug: - -* [`51c393f`](https://github.com/npm/npm/commit/51c393feff5f4908c8a9fb02baef505b1f2259be) - [#15237](https://github.com/npm/npm/pull/15237) - Don't launch a metrics sender process if we're running from a metrics - sender process. - ([@iarna](https://github.com/iarna)) - -### v4.1.0 (2016-12-15) - -I'm really excited about `npm@4.1.0`. I know, I know, I'm kinda overexcited -in my changelogs, but this one is GREAT. We've got a WHOLE NEW subcommand, I -mean, when was the last time you saw that? YEARS! And we have the beginnings -of usage metrics reporting. Then there's a fix for a really subtle bug that -resulted in `shasum` errors. And then we also have a few more bug fixes and -other improvements. - -#### ANONYMOUS METRIC REPORTING - -We're adding the ability for you all to help us track the quality of your -experiences using `npm`. Metrics will be sent if you run: - -``` -npm config set send-metrics true -``` - -Then `npm` will report to `registry.npmjs.org` the number of successful and -failed installations you've had. The data contains no identifying -information and npm will not attempt to correlate things like IP address -with the metrics being submitted. - -Currently we only track number of successful and failed installations. In -the future we would like to find additional metrics to help us better -quantify the quality of the `npm` experience. - -* [`190a658`](https://github.com/npm/npm/commit/190a658c4222f6aa904cbc640fc394a5c875e4db) - [#15084](https://github.com/npm/npm/pull/15084) - Add facility for recording and reporting success metrics. - ([@iarna](https://github.com/iarna)) -* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) - [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/148) - `npm-registry-client@7.4.5`: - Add support for sending anonymous CLI metrics. - ([@iarna](https://github.com/iarna), - [@sisidovski](https://github.com/sisidovski)) - -### NPM DOCTOR - -<pre> -<u>Check</u> <u>Value</u> <u>Recommendation</u> -npm ping ok -npm -v v4.0.5 -node -v v4.6.1 Use node v6.9.2 -npm config get registry https://registry.npmjs.org/ -which git /Users/rebecca/bin/git -Perms check on cached files ok -Perms check on global node_modules ok -Perms check on local node_modules ok -Checksum cached files ok -</pre> - -It's a rare day that we add a new command to `npm`, so I'm excited to -present to you `npm doctor`. It checks for a number of common problems and -provides some recommended solutions. It was put together through the hard -work of [@watilde](https://github.com/watilde). - -* [`2359505`](https://github.com/npm/npm/commit/23595055669f76c9fe8f5f1cf4a705c2e794f0dc) - [`0209ee5`](https://github.com/npm/npm/commit/0209ee50448441695fbf9699019d34178b69ba73) - [#14582](https://github.com/npm/npm/pull/14582) - Add new `npm doctor` to give your project environment a health check. - ([@watilde](https://github.com/watilde)) - -#### FIX MAJOR SOURCE OF SHASUM ERRORS - -If you've been getting intermittent shasum errors then you'll be pleased to -know that we've tracked down at least one source of them, if not THE source -of them. - -* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) - [#14626](https://github.com/npm/npm/issues/14626) - [npm/npm-registry-client#148](https://github.com/npm/npm-registry-client/pull/148) - `npm-registry-client@7.4.5`: - Fix a bug where an `ECONNRESET` while fetching a package file would result - in a partial download that would be reported as a "shasum mismatch". It - now throws away the partial download and retries it. - ([@iarna](https://github.com/iarna)) - -#### FILE URLS AND NODE.JS 7 - -When `npm` was formatting `file` URLs we took advantage of `url.format` to -construct them. Node.js 7 changed the behavior in such a way that our use of -`url.format` stopped producing URLs that we could make use of. - -The reasons for this have to do with the `file` URL specification and how -invalid (according to the specification) URLs are handled. How this changed -is most easily explained with a table: - -<table> -<tr><th></th><th>URL</th><th>Node.js <= 6</th><th><tt>npm</tt>'s understanding</th><th>Node.js 7</th><th><tt>npm</tt>'s understanding</th></tr> -<tr><td>VALID</td><td><tt>file:///abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> -<tr><td>invalid</td><td><tt>file:/abc/def</tt></td><td><tt>file:/abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> -<tr><td>invalid</td><td><tt>file:abc/def</tt></td><td><tt>file:abc/def</tt></td><td><tt>$CWD/abc/def</tt></td><td><tt>file://abc/def</tt></td><td><tt>/def</tt> on the <tt>abc</tt> host</td></tr> -<tr><td>invalid</td><td><tt>file:../abc/def</tt></td><td><tt>file:../abc/def</tt></td><td><tt>$CWD/../abc/def</tt></td><td><tt>file://../abc/def</tt></td><td><tt>/abc/def</tt> on the <tt>..</tt> host</td></tr> -</table> - -So the result was that passing a `file` URL that npm had received that used -through Node.js 7's `url.format` changed its meaning as far as `npm` was -concerned. As those kinds of URLs are, per the specification, invalid, how -they should be handled is undefined and so the change in Node.js wasn't a -bug per se. - -Our solution is to stop using `url.format` when constructing this kind of -URL. - -* [`173935b`](https://github.com/npm/npm/commit/173935b4298e09c4fdcb8f3a44b06134d5aff181) - [#15114](https://github.com/npm/npm/issues/15114) - Stop using `url.format` for relative local dep paths. - ([@zkat](https://github.com/zkat)) - -#### EXTRANEOUS LIFECYCLE SCRIPT EXECUTION WHEN REMOVING - -* [`afb1dfd`](https://github.com/npm/npm/commit/afb1dfd944e57add25a05770c0d52d983dc4e96c) - [#15090](https://github.com/npm/npm/pull/15090) - Skip top level lifecycles when uninstalling. - ([@iarna](https://github.com/iarna)) - -#### REFACTORING AND INTERNALS - -* [`c9b279a`](https://github.com/npm/npm/commit/c9b279aca0fcb8d0e483e534c7f9a7250e2a9392) - [#15205](https://github.com/npm/npm/pull/15205) - [#15196](https://github.com/npm/npm/pull/15196) - Only have one function that determines which version of a package to use - given a specifier and a list of versions. - ([@iarna](https://github.com/iarna), - [@zkat](https://github.com/zkat)) - -* [`981ce63`](https://github.com/npm/npm/commit/981ce6395e7892dde2591b44e484e191f8625431) - [#15090](https://github.com/npm/npm/pull/15090) - Rewrite prune to use modern npm plumbing. - ([@iarna](https://github.com/iarna)) - -* [`bc4b739`](https://github.com/npm/npm/commit/bc4b73911f58a11b4a2d28b49e24b4dd7365f95b) - [#15089](https://github.com/npm/npm/pull/15089) - Rename functions and variables in the module that computes what changes to - make to your installation. - ([@iarna](https://github.com/iarna)) - -* [`2449f74`](https://github.com/npm/npm/commit/2449f74a202b3efdb1b2f5a83356a78ea9ecbe35) - [#15089](https://github.com/npm/npm/pull/15089) - When computing changes to make to your installation, use a function to add - new actions to take instead of just pushing on a list. - ([@iarna](https://github.com/iarna)) - -#### IMPROVED LOGGING - -* [`335933a`](https://github.com/npm/npm/commit/335933a05396258eead139d27eea3f7668ccdfab) - [#15089](https://github.com/npm/npm/pull/15089) - Log when we remove obsolete dependencies in the tree. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION - -* [`33ca4e6`](https://github.com/npm/npm/commit/33ca4e6db3c1878cbc40d5e862ab49bb0e82cfb2) - [#15157](https://github.com/npm/npm/pull/15157) - Update `npm cache` docs to use more consistent language - ([@JonahMoses](https://github.com/JonahMoses)) - -#### DEPENDENCY UPDATES - -* [`c2d22fa`](https://github.com/npm/npm/commit/c2d22faf916e8260136a1cc95913ca474421c0d3) - [#15215](https://github.com/npm/npm/pull/15215) - `nopt@4.0.1`: - The breaking change is a small tweak to how empty string values are - handled. See the brand-new - [CHANGELOG.md for nopt](https://github.com/npm/nopt/blob/v4.0.1/CHANGELOG.md) for further - details about what's changed in this release! - ([@adius](https://github.com/adius), - [@samjonester](https://github.com/samjonester), - [@elidoran](https://github.com/elidoran), - [@helio](https://github.com/helio), - [@silkentrance](https://github.com/silkentrance), - [@othiym23](https://github.com/othiym23)) -* [`54d949b`](https://github.com/npm/npm/commit/54d949b05adefffeb7b5b10229c5fe0ccb929ac3) - [npm/lockfile#24](https://github.com/npm/lockfile/pull/24) - `lockfile@1.0.3`: - Handled case where callback was not passed in by the user. - ([@ORESoftware](https://github.com/ORESoftware)) -* [`54acc03`](https://github.com/npm/npm/commit/54acc0389b39850c0725d0868cb5e61317b57503) - `npmlog@4.0.2`: - Documentation update. - ([@helio-frota](https://github.com/helio-frota)) -* [`57f4bc1`](https://github.com/npm/npm/commit/57f4bc1150322294c1ea0a287ad0a8e457c151e6) - `osenv@0.1.4`: - Test changes. - ([@isaacs](https://github.com/isaacs)) -* [`bea1a2d`](https://github.com/npm/npm/commit/bea1a2d0db566560e13ecc1d5f42e55811269c88) - `retry@0.10.1`: - No changes. - ([@tim-kos](https://github.com/tim-kos)) -* [`6749e39`](https://github.com/npm/npm/commit/6749e395f868109afd97f79d36507e6567dd48fb) - [kapouer/marked-man#9](https://github.com/kapouer/marked-man/pull/9) - `marked-man@0.2.0`: - Add table support. - ([@gholk](https://github.com/gholk)) - -### v4.0.5 (2016-12-01) - -It's that time of year! December is upon us, which means y'all are just going to -be doing a lot less, in general, for the next month or so. The "Xmas Chasm", as -we like to call it, has already begun. So for those of you reading it from the -other side: Hi! Welcome back! - -This week's release is a relatively small one, involving just a few bugfixes and -dependency upgrades. The CLI team has been busy recently with scoping out -`npm@5`, and starting to do initial spec work for in-scope stuff. - -#### BUGFIXES - -On to the actual changes! - -* [`9776d8f`](https://github.com/npm/npm/commit/9776d8f70a0ea8d921cbbcab7a54e52c15fc455f) - [#15081](https://github.com/npm/npm/pull/15081) - `bundledDependencies` are intended to be left untouched by the installer, as - much as possible -- if they're bundled, we assume that you want to be - particular about the contents of your bundle. - - The installer used to have a corner case where existing dependencies that had - bundledDependencies would get clobbered by as the installer moved stuff - around, even though the installer already avoided moving deps that were - themselves bundled. This is now fixed, along with the connected crasher, and - your bundledDeps should be left even more intact than before! - ([@iarna](https://github.com/iarna)) -* [`fc61c08`](https://github.com/npm/npm/commit/fc61c082122104031ccfb2a888432c9f809a0e8b) - [#15082](https://github.com/npm/npm/pull/15082) - Initialize nodes from bundled dependencies. This should address - [#14427](https://github.com/npm/npm/issues/14427) and related issues, but it's - turned out to be a tremendously difficult issue to reproduce in a test. We - decided to include it even pending tests, because we found the root cause of - the errors. - ([@iarna](https://github.com/iarna)) -* [`d8471a2`](https://github.com/npm/npm/commit/d8471a294ef848fc893f60e17d6ec6695b975d16) - [#12811](https://github.com/npm/npm/pull/12811) - Consider `devDependencies` when deciding whether to hoist a package. This - should resolve a variety of missing dependency issues some folks were seeing - when `devDependencies` happened to also be dependencies of your - `dependencies`. This often manifested as modules going missing, or only being - installed, after `npm install` was called twice. - ([@schmod](https://github.com/schmod)) - -#### DEPENDENCY UPDATES - -* [`5978703`](https://github.com/npm/npm/commit/5978703da8669adae464789b1b15ee71d7f8d55d) - `graceful-fs@4.1.11`: - `EPERM` errors are Windows are now handled more gracefully. Windows users that - tended to see these errors due to, say, an antivirus-induced race condition, - should see them much more rarely, if at all. - ([@zkatr](https://github.com/zkat)) -* [`85b0174`](https://github.com/npm/npm/commit/85b0174ba9842e8e89f3c33d009e4b4a9e877c7d) - `request@2.79.0` - ([@zkat](https://github.com/zkat)) -* [`9664d36`](https://github.com/npm/npm/commit/9664d36653503247737630440bc2ff657de965c3) - `tap@8.0.1` - ([@zkat](https://github.com/zkat)) - -#### MISCELLANEOUS - -* [`f0f7b0f`](https://github.com/npm/npm/commit/f0f7b0fd025daa2b69994130345e6e8fdaaa0304) - [#15083](https://github.com/npm/npm/pull/15083) - Removed dead code. - ([@iarna](https://github.com/iarna))
* [`bc32afe`](https://github.com/npm/npm/commit/bc32afe4d12e3760fb5a26466dc9c26a5a2981d5) [`c8a22fe`](https://github.com/npm/npm/commit/c8a22fe5320550e09c978abe560b62ce732686f4) [`db2666d`](https://github.com/npm/npm/commit/db2666d8c078fc69d0c02c6a3de9b31be1e995e9) - [#15085](https://github.com/npm/npm/pull/15085) - Change some network tests so they can run offline. - ([@iarna](https://github.com/iarna)) -* [`744a39b`](https://github.com/npm/npm/commit/744a39b836821b388ad8c848bd898c1d006689a9) - [#15085](https://github.com/npm/npm/pull/15085) - Make Node.js tests compatible with Windows. - ([@iarna](https://github.com/iarna)) - -### v4.0.3 (2016-11-17) - -Hey you all, we've got a couple of bug fixes for you, a slew of -documentation improvements and some improvements to our CI environment. I -know we just got v4 out the door, but the CLI team is already busy planning -v5. We'll have more for you in early December. - -#### BUG FIXES - -* [`45d40d9`](https://github.com/npm/npm/commit/45d40d96d2cd145f1e36702d6ade8cd033f7f332) - [`ba2adc2`](https://github.com/npm/npm/commit/ba2adc2e822d5e75021c12f13e3f74ea2edbde32) - [`1dc8908`](https://github.com/npm/npm/commit/1dc890807bd78a1794063688af31287ed25a2f06) - [`2ba19ee`](https://github.com/npm/npm/commit/2ba19ee643d612d103cdd8f288d313b00d05ee87) - [#14403](https://github.com/npm/npm/pull/14403) - Fix a bug where a scoped module could produce crashes when incorrectly - computing the paths related to their location. This patch reorganizes how path information - is passed in to eliminate the possibility of this sort of bug. - ([@iarna](https://github.com/iarna)) - ([@NatalieWolfe](https://github.com/NatalieWolfe)) -* [`1011ec6`](https://github.com/npm/npm/commit/1011ec61230288c827a1c256735c55cf03d6228f) - [npm/npmlog#46](https://github.com/npm/npmlog/pull/46) - `npmlog@4.0.1`: Fix a bug where the progress bar would still display even if - you passed in `--no-progress`. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION UPDATES - -* [`c3ac177`](https://github.com/npm/npm/commit/c3ac177236124c80524c5f252ba8f6670f05dcd8) - [#14406](https://github.com/npm/npm/pull/14406) - Sync up the dispute policy included with the CLI with the [current official text](https://www.npmjs.com/policies/disputes). - ([@mike-engel](https://github.com/mike-engel)) -* [`9c663b2`](https://github.com/npm/npm/commit/9c663b2dd8552f892dc0205330bbc73a484ecd81) - [#14627](https://github.com/npm/npm/pull/14627) - Update build status branch in README. - ([@cameronroe](https://github.com/cameronroe)) -* [`8a8a0a3`](https://github.com/npm/npm/commit/8a8a0a3d490fc767def208f925cdff57e16e565b) - [#14609](https://github.com/npm/npm/pull/14609) - Update examples URLs of GitHub repos where those repos have moved to new URLs. - ([@dougwilson](https://github.com/dougwilson)) -* [`7a6425b`](https://github.com/npm/npm/commit/7a6425bcd4decde5d4b0af8b507e98723a07c680) - [#14472](https://github.com/npm/npm/pull/14472) - Document `sign-git-tag` in - [npm-version(1)](https://github.com/npm/npm/blob/release-next/doc/cli/npm-version.md)'s - configuration section. - ([@strugee](https://github.com/strugee)) -* [`f3087cc`](https://github.com/npm/npm/commit/f3087cc58c903d9a70275be805ebaf0eadbcbe1b) - [#14546](https://github.com/npm/npm/pull/14546) - Add a note about the dangers of configuring npm via uppercase env vars. - ([@tuhoojabotti](https://github.com/tuhoojabotti)) -* [`50e51b0`](https://github.com/npm/npm/commit/50e51b04a143959048cf9e1e4c8fe15094f480b0) - [#14559](https://github.com/npm/npm/pull/14559) - Remove documentation that incorrectly stated that we check `.npmrc` permissions. - ([@iarna](https://github.com/iarna)) - -##### OH UH, HELLO AGAIN NODE.JS 0.12 - -* [`6f0c353`](https://github.com/npm/npm/commit/6f0c353e4e89b0378a4c88c829ccf9a1c5ae829d) - [`f78bde6`](https://github.com/npm/npm/commit/f78bde6983bdca63d5fcb9c220c87e8f75ffb70e) - [#14591](https://github.com/npm/npm/pull/14591) - Reintroduce Node.js 0.12 to our support matrix. We jumped the gun when - removing it. We won't drop support for it till the Node.js project does - so at the end of December 2016. - ([@othiym23](https://github.com/othiym23)) - -#### TEST/CI UPDATES - -* [`aa73d1c`](https://github.com/npm/npm/commit/aa73d1c1cc22608f95382a35b33da252addff38e) - [`c914e80`](https://github.com/npm/npm/commit/c914e80f5abcb16c572fe756c89cf0bcef4ff991) -* [`58fe064`](https://github.com/npm/npm/commit/58fe064dcc80bc08c677647832f2adb4a56b538a) - [#14602](https://github.com/npm/npm/pull/14602) - When running tests with coverage, use nyc's cache. This provides an 8x speedup! - ([@bcoe](https://github.com/bcoe)) -* [`ba091ce`](https://github.com/npm/npm/commit/ba091ce843af5d694f4540e825b095435b3558d8) - [#14435](https://github.com/npm/npm/pull/14435) - Remove an unused zero byte `package.json` found in the test fixtures. - ([@baderbuddy](https://github.com/baderbuddy)) - -#### DEPENDENCY UPDATES - -* [`442e01e`](https://github.com/npm/npm/commit/442e01e42d8a439809f6726032e3b73ac0d2b2f8) - `readable-stream@2.2.2`: - Bring in latest changes from Node.js 7.x. - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`bfc4a1c`](https://github.com/npm/npm/commit/bfc4a1c0c17ef0a00dfaa09beba3389598a46535) - `which@1.2.12`: - Remove unused require. - ([@isaacs](https://github.com/isaacs)) - -#### DEV DEPENDENCY UPDATES - -* [`7075b05`](https://github.com/npm/npm/commit/7075b054d8d2452bb53bee9b170498a48a0dc4e9) - `marked-man@0.1.6` - ([@kapouer](https://github.com/kapouer)) -* [`3e13fea`](https://github.com/npm/npm/commit/3e13fea907ee1141506a6de7d26cbc91c28fdb80) - `tap@8.0.0` - ([@isaacs](https://github.com/isaacs)) - -### v4.0.2 (2016-11-03) - -Hola, amigxs. I know it's been a long time since I rapped at ya, but I -been spending a lotta time quietly reflecting on all the things going on -in my life. I was, like, [in Japan for a while](https://gist.github.com/othiym23/c98bd4ef5d9fb3f496835bd481ef40ae), -and before that my swell colleagues [@zkat](https://github.com/zkat) and -[@iarna](https://github.com/iarna) have been very capably managing the release -process for quite a while. But I returned from Japan somewhat refreshed, very -jetlagged, and filled with a burning urge to get `npm@4` as stable as possible -before we push it out to the user community at large, so I decided to do this -release myself. (Also, huge thanks to Kat and Rebecca for putting out `npm@4` -so capably while I was on vacation! So cool to return to a major release having -gone so well without my involvement!) - -That said... - -#### NEVER TRUST AN X.0.0 RELEASE - -Even though 4.0.1 came out hard on the heels of 4.0.0 with a couple -critical fixes, we've found a couple other major issues that we want to -see fixed before making `npm@4` into `npm@latest`. Some of these are -arguably breaking changes on their own, so now is the time to get them -out if we're going to do so before `npm@5`, and all of them are pretty -significant blockers for a substantial number of users, so now is the -best time to fix them. - -##### PREPUBLISHONLY WHOOPS - -The code running the `publish*` lifecycle events was very confusingly written. -In fact, we didn't really figure out what it was doing until we added the new -`prepublishOnly` event and it was running people's scripts from the wrong -directory. We made it simpler. See the [commit -message](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) -for details. - -Because the change is no longer running publish events when publishing prebuilt -artifacts, it's technically a breaking / semver-major change. In the off chance -that the new behavior breaks any of y'all's workflows, let us know, and we can -roll some or all of this change back until `npm@5` (or forever, if that works -better for you). - -* [`8b32d67`](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) - [#14502](https://github.com/npm/npm/pull/14502) - Simplify lifecycle invocation and fix `prepublishOnly`. - ([@othiym23](https://github.com/othiym23)) - -##### G'BYE NODE.JS 0.10, 0.12, and 5.X; HI THERE, NODE 7 - -With the advent of the second official Node.js LTS release, Node 6.x -'Boron', the Node.js project has now officially dropped versions 0.10 -and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never -part of LTS, and will see no further support now that Node 7 has been -released.) As a small team with limited resources, the npm CLI team is -following suit and dropping those versions of Node from its CI test -matrix. - -What this means: - -* Your contributions will no longer block on the tests passing on 0.10 and 0.12. -* We will no longer block dependency upgrades on working with 0.10 and 0.12. -* Bugs filed on the npm CLI that are due to incompatibilities with 0.10 - or 0.12 (and older versions) will be closed with a strong urging to - upgrade to a supported version of Node. -* On the flip side, we'll continue to (happily!) accept patches that - address regressions seen when running the CLI with Node.js 0.10 and - 0.12. - -What this doesn't mean: - -* The CLI is going to start depending on ES2015+ features. npm continues - to work, in almost all cases, all the way back to Node.js 0.8, and our - long history of backwards compatibility is a source of pride for the - team. -* We aren't concerned about the problems of users who, for whatever - reason, can't update to newer versions of npm. As mentioned above, we're - happy to take community patches intended to address regressions. - -We're not super interested in taking sides on what version of Node.js -you "should" be running. We're a workflow tool, and we understand that -you all have a diverse set of operational environments you need to be -able to support. At the same time, we _are_ a small team, and we need -to put some limits on what we support. Tracking what's supported by our -runtime's own team seems most practical, so that's what we're doing. - -* [`ab630c9`](https://github.com/npm/npm/commit/ab630c9a7a1b40cdd4f1244be976c25ab1525907) - [#14503](https://github.com/npm/npm/pull/14503) - Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported. - ([@othiym23](https://github.com/othiym23)) -* [`731ae52`](https://github.com/npm/npm/commit/731ae526fb6e9951c43d82a26ccd357b63cc56c2) - [#14503](https://github.com/npm/npm/pull/14503) - Update supported version expression. - ([@othiym23](https://github.com/othiym23)) - -##### DISENTANGLING SCOPE - -The new `Npm-Scope` header was previously reusing the `scope` -configuration option to pass the current scope back to your current -registry (which, as [described -previously](https://github.com/npm/npm/blob/release-next/CHANGELOG.md#send-extra-headers-to-registry), is meant to set up some upcoming -registry features). It turns out that had some [seriously weird -consequences](https://github.com/npm/npm/issues/14412) in the case where -you were already configuring `scope` in your own environment. The CLI -now uses separate configuration for this. - -* [`39358f7`](https://github.com/npm/npm/commit/39358f732ded4aa46d86d593393a0d6bca5dc12a) - [#14477](https://github.com/npm/npm/pull/14477) - Differentiate registry scope from project scope in configuration. - ([@zkat](https://github.com/zkat)) - -#### SMALLER CHANGES - -* [`7f41295`](https://github.com/npm/npm/commit/7f41295775f28b958a926f9cb371cb37b05771dd) - [#14519](https://github.com/npm/npm/pull/14519) - Document that as of `npm@4.0.1`, `npm shrinkwrap` now includes `devDependencies` unless - instructed otherwise. - ([@iarna](https://github.com/iarna)) -* [`bdc2f9e`](https://github.com/npm/npm/commit/bdc2f9e255ddf1a47fd13ec8749d17ed41638b2c) - [#14501](https://github.com/npm/npm/pull/14501) - The `ENOSELF` error message is tricky to word. It's also an error that - normally bites new users. Clean it up in an effort to make it easier - to understand what's going on. - ([@snopeks](https://github.com/snopeks), [@zkat](https://github.com/zkat)) - -#### DEPENDENCY UPGRADES - -* [`a52d0f0`](https://github.com/npm/npm/commit/a52d0f0c9cf2de5caef77e12eabd7dca9e89b49c) - `glob@7.1.1`: - - Handle files without associated perms on Windows. - - Fix failing case with `absolute` option. - ([@isaacs](https://github.com/isaacs), [@phated](https://github.com/phated)) -* [`afda66d`](https://github.com/npm/npm/commit/afda66d9afcdcbae1d148f589287583c4182d124) - [isaacs/node-graceful-fs#97](https://github.com/isaacs/node-graceful-fs/pull/97) - `graceful-fs@4.1.10`: Better backoff for EPERM on Windows. - ([@sam-github](https://github.com/sam-github)) -* [`e0023c0`](https://github.com/npm/npm/commit/e0023c089ded9161fbcbe544f12b07e12e3e5729) - [npm/inflight#3](https://github.com/npm/inflight/pull/3) - `inflight@1.0.6`: Clean up even if / when a callback throws. - ([@phated](https://github.com/phated)) -* [`1d91594`](https://github.com/npm/npm/commit/1d9159440364d2fe21e8bc15e08e284aaa118347) - `request@2.78.0` - ([@othiym23](https://github.com/othiym23)) - -### v4.0.1 (2016-10-24) - -Ayyyy~ 🌊 - -So thanks to folks who were running on `npm@next`, we managed to find a few -issues of notes in that preview version, and we're rolling out a small patch -change to fix them. Most notably, anyone who was using a symlinked `node` binary -(for example, if they installed Node.js through `homebrew`), was getting a very -loud warning every time they ran scripts. Y'all should get warnings in a more -useful way, now that we're resolving those path symlinks. - -Another fairly big change that we decided to slap into this version, since -`npm@4.0.0` is never going to be `latest`, is to make it so `devDependencies` -are included in `npm-shrinkwrap.json` by default -- if you do not want this, use -`--production` with `npm shrinkwrap`. - -#### BIG FIXES/CHANGES - -* [`eff46dd`](https://github.com/npm/npm/commit/eff46dd498ed007bfa77ab7782040a3a828b852d) - [#14374](https://github.com/npm/npm/pull/14374) - Fully resolve the path for `node` executables in both `$PATH` and - `process.execPath` to avoid issues with symlinked `node`. - ([@addaleax](https://github.com/addaleax)) -* [`964f2d3`](https://github.com/npm/npm/commit/964f2d3a0675584267e6ece95b0115a53c6ca6a9) - [#14375](https://github.com/npm/npm/pull/14375) - Make including `devDependencies` in `npm-shrinkwrap.json` the default. This - should help make the transition to `npm@5` smoother in the future. - ([@iarna](https://github.com/iarna)) - -#### BUGFIXES - -* [`a5b0a8d`](https://github.com/npm/npm/commit/a5b0a8db561916086fc7dbd6eb2836c952a42a7e) - [#14400](https://github.com/npm/npm/pull/14400) - Recently, we've had some consistent timeout failures while running the test - suite under Travis. This tweak to tests should take care of those issues and - Travis should go back to being reliably green. - ([@iarna](https://github.com/iarna)) - -#### DOC PATCHES - -* [`c5907b2`](https://github.com/npm/npm/commit/c5907b2fc1a82ec919afe3b370ecd34d8895c7a2) - [#14251](https://github.com/npm/npm/pull/14251) - Update links to Node.js downloads. They previously pointed to 404 pages.😬 - ([@ArtskydJ](https://github.com/ArtskydJ)) -* [`0c122f2`](https://github.com/npm/npm/commit/0c122f24ff1d4d400975edda2b7262aaaf6f7d69) - [#14380](https://github.com/npm/npm/pull/14380) - Add note and clarification on when `prepare` script is run. Make it more - consistent with surrounding descriptions. - ([@SimenB](https://github.com/SimenB)) -* [`51a62ab`](https://github.com/npm/npm/commit/51a62abd88324ba3dad18e18ca5e741f1d60883c) - [#14359](https://github.com/npm/npm/pull/14359) - Fixes typo in `npm@4` changelog. - ([@kimroen](https://github.com/kimroen)) - -### v4.0.0 (2016-10-20) - -Welcome to `npm@4`, friends! - -This is our first semver major release since the release of `npm@3` just over a -year ago. Back then, `@3` turned out to be a bit of a ground-shaking release, -with a brand-new installer with significant structural changes to how npm set up -your tree. This is the end of an era, in a way. `npm@4` also marks the release -when we move *both* `npm@2` and `npm@3` into maintenance: We will no longer be -updating those release branches with anything except critical bugfixes and -security patches. - -While its predecessor had some pretty serious impaact, `npm@4` is expected to -have a much smaller effect on your day-to-day use of npm. Over the past year, -we've collected a handful of breaking changes that we wanted to get in which are -only breaking under a strict semver interpretation (which we follow). Some of -these are simple usability improvements, while others fix crashes and serious -issues that required a major release to include. - -We hope this release sees you well, and you can look forward to an accelerated -release pace now that the CLI team is done focusing on sustaining work -- our -Windows fixing and big bugs pushes -- and we can start focusing again on -usability, features, and performance. Keep an eye out for `npm@5` in Q1 2017, -too: We're planning a major overhaul of `shrinkwrap` as well as various speed -and usability fixes for that release. It's gonna be a fun ride. I promise. 😘 - -#### BRIEF OVERVIEW OF **BREAKING** CHANGES - -The following breaking changes are included in this release: - -* `npm search` rewritten to stream results, and no longer supports sorting. -* `npm scripts` no longer prepend the path of the node executable used to run - npm before running scripts. A `--scripts-prepend-node-path` option has been - added to configure this behavior. -* `npat` has been removed. -* `prepublish` has been deprecated, replaced by `prepare`. A `prepublishOnly` - script has been temporarily added, which will *only* run on `npm publish`. -* `npm outdated` exits with exit code `1` if it finds any outdated packages. -* `npm tag` has been removed after a deprecation cycle. Use `npm dist-tag`. -* Partial shrinkwraps are no longer supported. `npm-shrinkwrap.json` is - considered a complete installation manifest except for `devDependencies`. -* npm's default git branch is no longer `master`. We'll be using `latest` from - now on. - -#### SEARCH REWRITE (**BREAKING**) - -Let's face it -- `npm search` simply doesn't work anymore. Apart from the fact -that it grew slower over the years, it's reached a point where we can no longer -fit the entire registry metadata in memory, and anyone who tries to use the -command now sees a really awful memory overflow crash from node. - -It's still going to be some time before the CLI, registry, and web team are able -to overhaul `npm search` altogether, but until then, we've rewritten the -previous `npm search` implementation to *stream* results on the fly, from both -the search endpoint and a local cache. In absolute terms, you won't see a -performance increase and this patch *does* come at the cost of sorting -capabilities, but what it does do is start outputting results as it finds them. -This should make the experience much better, overall, and we believe this is an -acceptable band-aid until we have that search endpoint in place. - -Incidentally, if you want a really nice search experience, we recommend checking -out [npms.io](http://npms.io), which includes a handy-dandy -[`npms-cli`](https://npm.im/npms-cli) for command-line usage -- it's an npm -search site that returns high-quality results quickly and is operated by members -of the npm community. - -* [`cfd43b4`](https://github.com/npm/npm/commit/cfd43b49aed36d0e8ea6c35b07ed8b303b69be61) [`2b8057b`](https://github.com/npm/npm/commit/2b8057be2e1b51e97b1f8f38d7f58edf3ce2c145) - [#13746](https://github.com/npm/npm/pull/13746) - Stream search process end-to-end. - ([@zkat](https://github.com/zkat) and [@aredridel](https://github.com/aredridel)) -* [`50f4ec8`](https://github.com/npm/npm/commit/50f4ec8e8ce642aa6a58cb046b2b770ccf0029db) [`70b4bc2`](https://github.com/npm/npm/commit/70b4bc22ec8e81cd33b9448f5b45afd1a50d50ba) [`8fb470f`](https://github.com/npm/npm/commit/8fb470fe755c4ad3295cb75d7b4266f8e67f8d38) [`ac3a6e0`](https://github.com/npm/npm/commit/ac3a6e0eba61fb40099b1370c74ad1598777def4) [`bad54dd`](https://github.com/npm/npm/commit/bad54dd9f1119fe900a8d065f8537c6f1968b589) [`87d504e`](https://github.com/npm/npm/commit/87d504e0a61bccf09f5e975007d018de3a1c5f50) - [#13746](https://github.com/npm/npm/pull/13746) - Updated search-related tests. - ([@zkat](https://github.com/zkat)) -* [`3596de8`](https://github.com/npm/npm/commit/3596de88598c69eb5bae108703c8e74ca198b20c) - [#13746](https://github.com/npm/npm/pull/13746) - `JSONStream@1.2.1` - ([@zkat](https://github.com/zkat)) -* [`4b09209`](https://github.com/npm/npm/commit/4b09209bb605f547243065032a8b37772669745f) - [#13746](https://github.com/npm/npm/pull/13746) - `mississippi@1.2.0` - ([@zkat](https://github.com/zkat)) -* [`b650b39`](https://github.com/npm/npm/commit/b650b39d42654abb9eed1c7cd463b1c595ca2ef9) - [#13746](https://github.com/npm/npm/pull/13746) - `sorted-union-stream@2.1.3` - ([@zkat](https://github.com/zkat)) - -#### SCRIPT NODE PATH (**BREAKING**) - -Thanks to some great work by [@addaleax](https://github.com/addaleax), we've -addressed a fairly tricky issue involving the node process used by `npm -scripts`. - -Previously, npm would prefix the path of the node executable to the script's -`PATH`. This had the benefit of making sure that the node process would be the -same for both npm and `scripts` unless you had something like -[`node-bin`](https://npm.im/node-bin) in your `node_modules`. And it turns out -lots of people relied on this behavior being this way! - -It turns out that this had some unintended consequences: it broke systems like -[`nyc`](https://npm.im/nyc), but also completely broke/defeated things like -[`rvm`](https://rvm.io/) and -[`virtualenv`](https://virtualenv.pypa.io/en/stable/) by often causing things -that relied on them to fall back to the global system versions of ruby and -python. - -In the face of two perfectly valid, and used alternatives, we decided that the -second case was much more surprising for users, and that we should err on the -side of doing what those users expect. Anna put some hard work in and managed to -put together a patch that changes npm's behavior such that we no longer prepend -the node executable's path *by default*, and adds a new option, -`--scripts-prepend-node-path`, to allow users who rely on this behavior to have -it add the node path for them. - -This patch also makes it so this feature is discoverable by people who might run -into the first case above, by warning if the node executable is either missing -or shadowed by another one in `PATH`. This warning can also be disabled with the -`--scripts-prepend-node-path` option as needed. - -* [`3fb1eb3`](https://github.com/npm/npm/commit/3fb1eb3e00b5daf37f14e437d2818e9b65a43392) [`6a7d375`](https://github.com/npm/npm/commit/6a7d375d779ba5416fd5df154c6da673dd745d9d) [`378ae08`](https://github.com/npm/npm/commit/378ae08851882d6d2bc9b631b16b8c875d0b9704) - [#13409](https://github.com/npm/npm/pull/13409) - Add a `--scripts-prepend-node-path` option to configure whether npm prepends - the current node executable's path to `PATH`. - ([@addaleax](https://github.com/addaleax)) -* [`70b352c`](https://github.com/npm/npm/commit/70b352c6db41533b9a4bfaa9d91f7a2a1178f74e) - [#13409](https://github.com/npm/npm/pull/13409) - Change the default behaviour of npm to never prepending the current node - executable’s directory to `PATH` but printing a warning in the cases in which - it previously did. - ([@addaleax](https://github.com/addaleax)) - -#### REMOVE `npat` (**BREAKING**) - -Let's be real here -- almost no one knows this feature ever existed, and it's a -vestigial feature of the days when the ideal for npm was to distribute full -packages that could be directly developed on, even from the registry. - -It turns out the npm community decided to go a different way: primarily -publishing packages in a production-ready format, with no tests, build tools, -etc. And so, we say goodbye to `npat`. - -* [`e16c14a`](https://github.com/npm/npm/commit/e16c14afb6f52cb8b7adf60b2b26427f76773f2e) - [#14329](https://github.com/npm/npm/pull/14329) - Remove the npat feature. - ([@iarna](https://github.com/iarna)) - -#### NEW `prepare` SCRIPT. `prepublish` DEPRECATED (**BREAKING**) - -If there's anything that really seemed to confuse users, it's that the -`prepublish` script ran when invoking `npm install` without any arguments. - -Turns out many, many people really expected that it would only run on `npm -publish`, even if it actually did what most people expected: prepare the package -for publishing on the registry. +* `--parseable` and `--json` now work more consistently across various commands, particularly `install` and `ls`. -And so, we've added a `prepare` command that runs in the exact same cases where -`prepublish` ran, and we've begun a deprecation cycle for `prepublish` itself -**only when run by `npm install`**, which will now include a warning any time -you use it that way. +* Indentation is now [detected and preserved](https://twitter.com/maybekatz/status/860690502932340737) for `package.json`, `package-lock.json`, and `npm-shrinkwrap.json`. If the package lock is missing, it will default to `package.json`'s current indentation. -We've also added a `prepublishOnly` script which will execute **only** when `npm -publish` is invoked. Eventually, `prepublish` will stop executing on `npm -install`, and `prepublishOnly` will be removed, leaving `prepare` and -`prepublish` as two distinct lifecycles. +#### Publishing -* [`9b4a227`](https://github.com/npm/npm/commit/9b4a2278cee0a410a107c8ea4d11614731e0a943) [`bc32078`](https://github.com/npm/npm/commit/bc32078fa798acef0e036414cb448645f135b570) - [#14290](https://github.com/npm/npm/pull/14290) - Add `prepare` and `prepublishOnly` lifecyle events. - ([@othiym23](https://github.com/othiym23)) -* [`52fdefd`](https://github.com/npm/npm/commit/52fdefddb48f0c39c6e8eb4c118eb306c9436117) - [#14290](https://github.com/npm/npm/pull/14290) - Warn when running `prepublish` on `npm pack`. - ([@othiym23](https://github.com/othiym23)) -* [`4c2a948`](https://github.com/npm/npm/commit/4c2a9481b564cae3df3f4643766db4b987018a7b) [`a55bd65`](https://github.com/npm/npm/commit/a55bd651284552b93f7d972a2e944f65c1aa6c35) - [#14290](https://github.com/npm/npm/pull/14290) - Added `prepublish` warnings to `npm install`. - ([@zkat](https://github.com/zkat)) -* [`c27412b`](https://github.com/npm/npm/commit/c27412bb9fc7b09f7707c7d9ad23128959ae1abc) - [#14290](https://github.com/npm/npm/pull/14290) - Replace `prepublish` with `prepare` in `npm help package.json` documentation. - ([@zkat](https://github.com/zkat)) +* New [publishes will now include *both* `sha512`](https://twitter.com/maybekatz/status/863201943082065920) and `sha1` checksums. Versions of npm from 5 onwards will use the strongest algorithm available to verify downloads. [npm/npm-registry-client#157](https://github.com/npm/npm-registry-client/pull/157) -#### NO MORE PARTIAL SHRINKWRAPS (**BREAKING**) +#### Cache Rewrite! -That's right. No more partial shrinkwraps. That means that if you have an -`npm-shrinkwrap.json` in your project, npm will no longer install anything that -isn't explicitly listed there, unless it's a `devDependency`. This will open -doors to some nice optimizations and make use of `npm shrinkwrap` just generally -smoother by removing some awful corner cases. We will also skip `devDependency` -installation from `package.json` if you added `devDependencies` to your -shrinkwrap by using `npm shrinkwrap --dev`. +We've been talking about rewriting the cache for a loooong time. So here it is. +Lots of exciting stuff ahead. The rewrite will also enable some exciting future +features, but we'll talk about those when they're actually in the works. #15666 +is the main PR for all these changes. Additional PRs/commits are linked inline. -* [`b7dfae8`](https://github.com/npm/npm/commit/b7dfae8fd4dc0456605f7a921d20a829afd50864) - [#14327](https://github.com/npm/npm/pull/14327) - Use `readShrinkwrap` to read top level shrinkwrap. There's no reason for npm - to be doing its own bespoke heirloom-grade artisanal thing here. - ([@iarna](https://github.com/iarna)) -* [`0ae1f4b`](https://github.com/npm/npm/commit/0ae1f4b9d83af2d093974beb33f26d77fcc95bb9) [`4a54997`](https://github.com/npm/npm/commit/4a549970dc818d78b6de97728af08a1edb5ae7f0) [`f22a1ae`](https://github.com/npm/npm/commit/f22a1ae54b5d47f1a056a6e70868013ebaf66b79) [`3f61189`](https://github.com/npm/npm/commit/3f61189cb3843fee9f54288fefa95ade9cace066) - [#14327](https://github.com/npm/npm/pull/14327) - Treat shrinkwrap as canonical. That is, don't try to fill in for partial - shrinkwraps. Partial shrinkwraps should produce partial installs. If your - shrinkwrap contains NO `devDependencies` then we'll still try to install them - from your `package.json` instead of assuming you NEVER want `devDependencies`. - ([@iarna](https://github.com/iarna)) +* Package metadata, package download, and caching infrastructure replaced. -#### `npm tag` REMOVED (**BREAKING**) +* It's a bit faster. [Hopefully it will be noticeable](https://twitter.com/maybekatz/status/865393382260056064). 🤔 -* [`94255da`](https://github.com/npm/npm/commit/94255da8ffc2d9ed6a0434001a643c1ad82fa483) - [#14328](https://github.com/npm/npm/pull/14328) - Remove deprecated tag command. Folks must use the `dist-tag` command from now - on. - ([@iarna](https://github.com/iarna)) +* With the shrinkwrap and package-lock changes, tarballs will be looked up in the cache by content address (and verified with it). -#### NON-ZERO EXIT CODE ON OUTDATED DEPENDENCIES (**BREAKING**) +* Corrupted cache entries will [automatically be removed and re-fetched](https://twitter.com/maybekatz/status/854933138182557696) on integrity check failure. -* [`40a04d8`](https://github.com/npm/npm/commit/40a04d888d10a5952d5ca4080f2f5d2339d2038a) [`e2fa18d`](https://github.com/npm/npm/commit/e2fa18d9f7904eb048db7280b40787cb2cdf87b3) [`3ee3948`](https://github.com/npm/npm/commit/3ee39488b74c7d35fbb5c14295e33b5a77578104) [`3fa25d0`](https://github.com/npm/npm/commit/3fa25d02a8ff07c42c595f84ae4821bc9ee908df) - [#14013](https://github.com/npm/npm/pull/14013) - Do `exit 1` if any outdated dependencies are found by `npm outdated`. - ([@watilde](https://github.com/watilde)) -* [`c81838a`](https://github.com/npm/npm/commit/c81838ae96b253f4b1ac66af619317a3a9da418e) - [#14013](https://github.com/npm/npm/pull/14013) - Log non-zero exit codes at `verbose` level -- this isn't something command - line tools tend to do. It's generally the shell's job to display, if at all. - ([@zkat](https://github.com/zkat)) +* npm CLI now supports tarball hashes with any hash function supported by Node.js. That is, it will [use `sha512` for tarballs from registries that send a `sha512` checksum as the tarball hash](https://twitter.com/maybekatz/status/858137093624573953). Publishing with `sha512` is added by [npm/npm-registry-client#157](https://github.com/npm/npm-registry-client/pull/157) and may be backfilled by the registry for older entries. -#### SEND EXTRA HEADERS TO REGISTRY +* Remote tarball requests are now cached. This means that even if you're missing the `integrity` field in your shrinkwrap or package-lock, npm will be able to install from the cache. -For the purposes of supporting shiny new registry features, we've started -sending `Npm-Scope` and `Npm-In-CI` headers in outgoing requests. +* Downloads for large packages are streamed in and out of disk. npm is now able to install packages of """any""" size without running out of memory. Support for publishing them is pending (due to registry limitations). -* [`846f61c`](https://github.com/npm/npm/commit/846f61c1dd4a033f77aa736ab01c27ae6724fe1c) - [npm/npm-registry-client#145](https://github.com/npm/npm-registry-client/pull/145) - [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/147) - `npm-registry-client@7.3.0`: - * Allow npm to add headers to outgoing requests. - * Add `Npm-In-CI` header that reports whether we're running in CI. - ([@iarna](https://github.com/iarna)) -* [`6b6bb08`](https://github.com/npm/npm/commit/6b6bb08af661221224a81df8adb0b72019ca3e11) - [#14129](https://github.com/npm/npm/pull/14129) - Send `Npm-Scope` header along with requests to registry. `Npm-Scope` is set to - the `@scope` of the current top level project. This will allow registries to - implement user/scope-aware features and services. - ([@iarna](https://github.com/iarna)) -* [`506de80`](https://github.com/npm/npm/commit/506de80dc0a0576ec2aab0ed8dc3eef3c1dabc23) - [#14129](https://github.com/npm/npm/pull/14129) - Add test to ensure `Npm-In-CI` header is being sent when CI is set in env. - ([@iarna](https://github.com/iarna)) +* [Automatic fallback-to-offline mode](https://twitter.com/maybekatz/status/854176565587984384). npm will seamlessly use your cache if you are offline, or if you lose access to a particular registry (for example, if you can no longer access a private npm repo, or if your git host is unavailable). -#### BUGFIXES +* A new `--prefer-offline` option will make npm skip any conditional requests (304 checks) for stale cache data, and *only* hit the network if something is missing from the cache. -* [`bc84012`](https://github.com/npm/npm/commit/bc84012c2c615024b08868acbd8df53a7ca8d146) - [#14117](https://github.com/npm/npm/pull/14117) - Fixes a bug where installing a shrinkwrapped package would fail if the - platform failed to install an optional dependency included in the shrinkwrap. - ([@watilde](https://github.com/watilde)) -* [`a40b32d`](https://github.com/npm/npm/commit/a40b32dc7fe18f007a672219a12d6fecef800f9d) - [#13519](https://github.com/npm/npm/pull/13519) - If a package has malformed metadata, `node.requiredBy` is sometimes missing. - Stop crashing when that happens. - ([@creationix](https://github.com/creationix)) +* A new `--prefer-online` option that will force npm to revalidate cached data (with 304 checks), ignoring any staleness checks, and refreshing the cache with revalidated, fresh data. -#### OTHER PATCHES +* A new `--offline` option will force npm to use the cache or exit. It will error with an `ENOTCACHED` code if anything it tries to install isn't already in the cache. -* [`643dae2`](https://github.com/npm/npm/commit/643dae2197c56f1c725ecc6539786bf82962d0fe) - [#14244](https://github.com/npm/npm/pull/14244) - Remove some ancient aliases that we'd rather not have around. - ([@zkat](https://github.com/zkat)) -* [`bdeac3e`](https://github.com/npm/npm/commit/bdeac3e0fb226e4777d4be5cd3c3bec8231c8044) - [#14230](https://github.com/npm/npm/pull/14230) - Detect unsupported Node.js versions and warn about it. Also error on really - old versions where we know we can't work. - ([@iarna](https://github.com/iarna)) +* A new `npm cache verify` command that will garbage collect your cache, reducing disk usage for things you don't need (-handwave-), and will do full integrity verification on both the index and the content. This is also hooked into `npm doctor` as part of its larger suite of checking tools. -#### DOC UPDATES +* The new cache is *very* fault tolerant and supports concurrent access. + * Multiple npm processes will not corrupt a shared cache. + * Corrupted data will not be installed. Data is checked on both insertion and extraction, and treated as if it were missing if found to be corrupted. I will literally bake you a cookie if you manage to corrupt the cache in such a way that you end up with the wrong data in your installation (installer bugs notwithstanding). + * `npm cache clear` is no longer useful for anything except clearing up disk space. -* [`9ca18ad`](https://github.com/npm/npm/commit/9ca18ada7cc1c10b2d32bbb59d5a99dd1c743109) - [#13746](https://github.com/npm/npm/pull/13746) - Updated docs for `npm search` options. - ([@zkat](https://github.com/zkat)) -* [`e02a47f`](https://github.com/npm/npm/commit/e02a47f9698ff082488dc2b1738afabb0912793e) - Move the `npm@3` changelog into the archived changelogs directory. - ([@zkat](https://github.com/zkat)) -* [`c12bbf8`](https://github.com/npm/npm/commit/c12bbf8c5a5dff24a191b66ac638f552bfb76601) - [#14290](https://github.com/npm/npm/pull/14290) - Document prepublish-on-install deprecation. - ([@othiym23](https://github.com/othiym23)) -* [`c246a75`](https://github.com/npm/npm/commit/c246a75ac8697f4ca11d316b7e7db5f24af7972b) - [#14129](https://github.com/npm/npm/pull/14129) - Document headers added by npm to outgoing registry requests. - ([@iarna](https://github.com/iarna)) +* Package metadata is cached separately per registry and package type: you can't have package name conflicts between locally-installed packages, private repo packages, and public repo packages. Identical tarball data will still be shared/deduplicated as long as their hashes match. -#### DEPENDENCIES +* HTTP cache-related headers and features are "fully" (lol) supported for both metadata and tarball requests -- if you have your own registry, you can define your own cache settings the CLI will obey! -* [`cb20c73`](https://github.com/npm/npm/commit/cb20c7373a32daaccba2c1ad32d0b7e1fc01a681) - [#13953](https://github.com/npm/npm/pull/13953) - `signal-exit@3.0.1` - ([@benjamincoe](https://github.com/benjamincoe)) +* `prepublishOnly` now runs *before* the tarball to publish is created, after `prepare` has run. diff --git a/deps/npm/TODO.org b/deps/npm/TODO.org index bbc1f73a8f..9ccceba595 100644 --- a/deps/npm/TODO.org +++ b/deps/npm/TODO.org @@ -1,4 +1,18 @@ * Finished + * [COMPLETED] npm: remove packageIntegrity + * [COMPLETED] npm: fix lifecycle stuff + * pack: + * pre-: immediately before tarball contents are packed. Need to re-read package.json immediately after + * pack: No pack lifecycle + * post-: immediately after tarball reaches its final destination (not immediately after packaging) + * prepare: `npm install`, immediately before `postinstall`, and immediately before `prepack`, never if `--prod`, after prepublish, before prepublishOnly + * prepublish: alias for `prepare` + * prepublishOnly: ONLY on `npm publish` (never on `npm pack`), runs before prepack (which takes care of re-reading package.json), re-reads package.json immediately after + * [COMPLETED] pacote: fix always-auth bug + * [COMPLETED] pacote: figure out why cache is being written as root + * [COMPLETED] npm: make `npm update` save files as the right type + * [COMPLETED] npm: update docs with npm5 changes + * [COMPLETED] npm: don't write "problems" into package-lock * [COMPLETED] npm: add `created-with`, `shrinkwrap-version`, and `package-integrity` * [COMPLETED] npm: warn on incompatible package-lock version * [COMPLETED] npm: warn if both shrinkwrap and package-lock are there @@ -46,6 +60,12 @@ * [COMPLETED] npm: fix bundle replacement issues (see: npm i nyc warning spam) * need fromBundle attribute on shrinkwrap and pass it through. the sw.version && sw.integrity-based fake node needs to have this there. * Backlog + * [TODO] make-fetch-happen: integrity failures are being thrown + * [TODO] write-file-atomic: review https://github.com/npm/write-file-atomic/pull/22 + * [TODO] pacote: write tests for git handlers + * https://github.com/zkat/pacote/issues/70 + * [TODO] pacote: offline feature support for git deps + * [TODO] npm: get logging working during the recalculateMetadata spam * [TODO] pacote: opts.extraHeaders * https://github.com/zkat/pacote/issues/79 * [TODO] pacote: ECONNRESET recovery @@ -59,14 +79,8 @@ * https://github.com/zkat/make-fetch-happen/issues/16 * [TODO] make-fetch-happen: retry notification * https://github.com/zkat/make-fetch-happen/issues/21 - * [TODO] npm: move addBundled call from inflate-shrinkwrap to extract - * fix the fucking bundling thing while at it + * [TODO] npm: more informative logging when building git deps * Needed for npm@5 - * [TODO] pacote: write tests for git handlers - * https://github.com/zkat/pacote/issues/70 - * [TODO] pacote: offline feature support for git deps - * [TODO] npm: get logging working during the recalculateMetadata spam - * [TODO] write-file-atomic: review https://github.com/npm/write-file-atomic/pull/22 * Active - * [TODO] npm: make `npm update` save files as the right type - * [TODO] node: track down lifecycle signal failure + * [TODO] npm: figure out https://github.com/npm/npm/issues/16665 + * [TODO] npm: first-run notice about npm5 still having known issues diff --git a/deps/npm/appveyor.yml b/deps/npm/appveyor.yml index eefca16071..d808b2dbcc 100644 --- a/deps/npm/appveyor.yml +++ b/deps/npm/appveyor.yml @@ -15,7 +15,6 @@ install: - ps: Install-Product node $env:nodejs_version $env:platform - npm config set spin false - npm rebuild - - npm i -g "npm/npm#release-beta-5" - node . install -g . - set "PATH=%APPDATA%\npm;C:\Program Files\Git\mingw64\libexec;%PATH%" - npm install --loglevel=http diff --git a/deps/npm/changelogs/CHANGELOG-4.md b/deps/npm/changelogs/CHANGELOG-4.md new file mode 100644 index 0000000000..e55bcab3da --- /dev/null +++ b/deps/npm/changelogs/CHANGELOG-4.md @@ -0,0 +1,1566 @@ +## v4.6.1 (2017-04-21) + +A little release to tide you over while we hammer out the last bits for npm@5. + +### FEATURES + +* [`d13c9b2f2`](https://github.com/npm/npm/commit/d13c9b2f24b6380427f359b6e430b149ac8aaa79) + `init-package-json@1.10.0`: + The `name:` prompt is now `package name:` to make this less ambiguous for new users. + + The default package name is now a valid package name. For example: If your package directory + has mixed case, the default package name will be all lower case. +* [`f08c66323`](https://github.com/npm/npm/commit/f08c663231099f7036eb82b92770806a3a79cdf1) + [#16213](https://github.com/npm/npm/pull/16213) + Add `--allow-same-version` option to `npm version` so that you can use `npm version` to run + your version lifecycles and tag your git repo without actually changing the version number in + your `package.json`. + ([@lucastheisen](https://github.com/lucastheisen)) +* [`f5e8becd0`](https://github.com/npm/npm/commit/f5e8becd05e0426379eb0c999abdbc8e87a7f6f2) + Timing has been added throughout the install implementation. You can see it by running + a command with `--loglevel=timing`. You can also run commands with `--timing` which will write + an `npm-debug.log` even on success and add an entry to `_timing.json` in your cache with + the timing information from that run. + ([@iarna](https://github.com/iarna)) + +### BUG FIXES + +* [`9c860f2ed`](https://github.com/npm/npm/commit/9c860f2ed3bdea1417ed059b019371cd253db2ad) + [#16021](https://github.com/npm/npm/pull/16021) + Fix a crash in `npm doctor` when used with a registry that does not support + the `ping` API endpoint. + ([@watilde](https://github.com/watilde)) +* [`65b9943e9`](https://github.com/npm/npm/commit/65b9943e9424c67547b0029f02b0258e35ba7d26) + [#16364](https://github.com/npm/npm/pull/16364) + Shorten the ELIFECYCLE error message. The shorter error message should make it much + easier to discern the actual cause of the error. + ([@j-f1](https://github.com/j-f1)) +* [`a87a4a835`](https://github.com/npm/npm/commit/a87a4a8359693518ee41dfeb13c5a8929136772a) + `npmlog@4.0.2`: + Fix flashing of the progress bar when your terminal is very narrow. + ([@iarna](https://github.com/iarna)) +* [`41c10974f`](https://github.com/npm/npm/commit/41c10974fe95a2e520e33e37725570c75f6126ea) + `write-file-atomic@1.3.2`: + Wait for `fsync` to complete before considering our file written to disk. + This will improve certain sorts of Windows diagnostic problems. +* [`2afa9240c`](https://github.com/npm/npm/commit/2afa9240ce5b391671ed5416464f2882d18a94bc) + [#16336](https://github.com/npm/npm/pull/16336) + Don't ham-it-up when expecting JSON. + ([@bdukes](https://github.com/bdukes)) + +### DOCUMENTATION FIXES + +* [`566f3eebe`](https://github.com/npm/npm/commit/566f3eebe741f935b7c1e004bebf19b8625a1413) + [#16296](https://github.com/npm/npm/pull/16296) + Use a single convention when referring to the `<command>` you're running. + ([@desfero](https://github.com/desfero)) +* [`ccbb94934`](https://github.com/npm/npm/commit/ccbb94934d4f677f680c3e2284df3d0ae0e65758) + [#16267](https://github.com/npm/npm/pull/16267) + Fix a missing space in the example package.json. + ([@famousgarkin](https://github.com/famousgarkin)) + +### DEPENDENCY UPDATES + +* [`ebde4ea33`](https://github.com/npm/npm/commit/ebde4ea3363dfc154c53bd537189503863c9b3a4) + `hosted-git-info@2.4.2` +* [`c46ad71bb`](https://github.com/npm/npm/commit/c46ad71bbe27aaa9ee10e107d8bcd665d98544d7) + `init-package-json@1.9.6` +* [`d856d570d`](https://github.com/npm/npm/commit/d856d570d2df602767c039cf03439d647bba2e3d) + `npm-registry-client@8.1.1` +* [`4a2e14436`](https://github.com/npm/npm/commit/4a2e1443613a199665e7adbda034d5b9d10391a2) + `readable-stream@2.2.9` +* [`f0399138e`](https://github.com/npm/npm/commit/f0399138e6d6f1cd7f807d523787a3b129996301) + `normalize-package-data@2.3.8` + +### v4.5.0 (2017-03-24) + +Welcome a wrinkle on npm's registry API! + +Codename: Corgi + + + +This release has some bug fixes, but it's mostly about bringing support for +MUCH smaller package metadata. How much smaller? Well, for npm itself it +reduces 416K of gzip compressed JSON to 24K. + +As a user, all you have to do is update to get to use the new API. If +you're interested in the details we've [documented the +changes](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md) +in detail. + +#### CORGUMENTS + +Package metadata: now smaller. This means a smaller cache and less to download. + +* [`86dad0d74`](https://github.com/npm/npm/commit/86dad0d747f288eab467d49c9635644d3d44d6f0) + Add support for filtered package metadata. + ([@iarna](https://github.com/iarna)) +* [`41789cffa`](https://github.com/npm/npm/commit/41789cffac9845603f4bdf3f5b03f412144a0e9f) + `npm-registry-client@8.1.0` + ([@iarna](https://github.com/iarna)) + +#### NO SHRINKWRAP, NO PROBLEM + +Previously we needed to extract every package's tarball to look for an +`npm-shrinkwrap.json` before we could begin working through what its +dependencies were. This was one of the things stopping npm's network +accesses from happening more concurrently. The new filtered package +metadata provides a new key, `_hasShrinkwrap`. When that's set to `false` +then we know we don't have to look for one. + +* [`4f5060eb3`](https://github.com/npm/npm/commit/4f5060eb31b9091013e1d6a34050973613a294a3) + [#15969](https://github.com/npm/npm/pull/15969) + Add support for skipping `npm-shrinkwrap.json` extraction when the + registry can affirm that one doesn't exist. + ([@iarna](https://github.com/iarna)) + +#### INTERRUPTING SCRIPTS + +* [`878aceb25`](https://github.com/npm/npm/commit/878aceb25e6d6052dac15da74639ce274c8e62c5) + [#16129](https://github.com/npm/npm/pull/16129) + Better handle Ctrl-C while running scripts. `npm` will now no longer exit + until the script it is running has exited. If you press Ctrl-C a second + time it kill the script rather than just forwarding the Ctrl-C. + ([@jaridmargolin](https://github.com/jaridmargolin)) + +#### DEPENDENCY UPDATES: + +* [`def75eebf`](https://github.com/npm/npm/commit/def75eebf1ad437bf4fd3f5e103cc2d963bd2a73) + `hosted-git-info@2.4.1`: + Preserve case of the user name part of shortcut specifiers, previously they were lowercased. + ([@iarna](https://github.com/iarna)) +* [`eb3789fd1`](https://github.com/npm/npm/commit/eb3789fd18cfb063de9e6f80c3049e314993d235) + `node-gyp@3.6.0`: Add support for VS2017 and Chakracore improvements. + ([@refack](https://github.com/refack)) + ([@kunalspathak](https://github.com/kunalspathak)) +* [`245e25315`](https://github.com/npm/npm/commit/245e25315524b95c0a71c980223a27719392ba75) + `readable-stream@2.2.6` ([@mcollina](https://github.com/mcollina)) +* [`30357ebc5`](https://github.com/npm/npm/commit/30357ebc5691d7c9e9cdc6e0fe7dc6253220c9c2) + `which@1.2.14` ([@isaacs](https://github.com/isaacs)) + +### v4.4.4 (2017-03-16) + +😩😤😅 Okay! We have another `next` +release for ya today. So, yes! With v4.4.3 we fixed the bug that made +bundled scoped modules uninstallable. But somehow I overlooked the fact +that we: A) were using these and B) that made upgrading to v4.4.3 impossible. 😭 + +So I've renamed those two scoped modules to no longer use scopes and we now +have a shiny new test to ensure that scoped modules don't creep into our +transitive deps and make it impossible to upgrade to `npm`. + +(None of our woes applies to most of you all because most of you all don't +use bundled dependencies. `npm` does because we want the published artifact to be +installable without having to already have `npm`.) + +* [`2a7409fcb`](https://github.com/npm/npm/commit/2a7409fcba6a8fab716c80f56987b255983e048e) + [#16066](https://github.com/npm/npm/pull/16066) + Ensure we aren't using any scoped modules + Because `npm`s prior 4.4.3 can't install dependencies that have bundled scoped + modules. This didn't show up sooner because they ALSO had a bug that caused + bundled scoped modules to not be included in the bundle. + ([@iarna](https://github.com/iarna)) +* [`eb4c70796`](https://github.com/npm/npm/commit/eb4c70796c38f24ee9357f5d4a0116db582cc7a9) + [#16066](https://github.com/npm/npm/pull/16066) + Switch to move-concurrently to remove scoped dependency + ([@iarna](https://github.com/iarna)) + +### v4.4.3 (2017-03-15) + +This is a small patch release, mostly because the published tarball for +v4.4.2 was missing a couple of modules, due to a bug involving scoped +modules, bundled dependencies and legacy tree layouts. + +There are a couple of other things here that happened to be ready to go. So +without further ado… + +#### BUG FIXES + +* [`3d80f8f70`](https://github.com/npm/npm/commit/3d80f8f70679ad2b8ce7227d20e8dbce257a47b9) + [npm/fs-vacuum#6](https://github.com/npm/fs-vacuum/pull/6) + `fs-vacuum@1.2.1`: Make sure we never, ever remove home directories. Previously if your + home directory was entirely empty then we might `rmdir` it. + ([@helio-frota](https://github.com/helio-frota)) +* [`1af85ca9f`](https://github.com/npm/npm/commit/1af85ca9f4d625f948e85961372de7df3f3774e2) + [#16040](https://github.com/npm/npm/pull/16040) + Fix bug where bundled transitive dependencies that happened to be + installed under bundled scoped dependencies wouldn't be included in the + tarball when building a package. + ([@iarna](https://github.com/iarna)) +* [`13c7fdc2e`](https://github.com/npm/npm/commit/13c7fdc2e87456a87b1c9385a3daeae228ed7c95) + [#16040](https://github.com/npm/npm/pull/16040) + Fix a bug where bundled scoped dependencies couldn't be extracted. + ([@iarna](https://github.com/iarna)) +* [`d6cde98c2`](https://github.com/npm/npm/commit/d6cde98c2513fe160eab41e31c3198dfde993207) + [#16040](https://github.com/npm/npm/pull/16040) + Stop printing `ENOENT` errors more than once. + ([@iarna](https://github.com/iarna)) +* [`722fbf0f6`](https://github.com/npm/npm/commit/722fbf0f6cf4413cdc24b610bbd60a7dbaf2adfe) + [#16040](https://github.com/npm/npm/pull/16040) + Rewrite the `extract` action for greater clarity. + Specifically, this involves moving things around structurally to do the same + thing [`d0c6d194`](https://github.com/npm/npm/commit/d0c6d194) did, but in a more comprehensive manner. + This also fixes a long standing bug where errors from the move step would be + eaten during this phase and as a result we would get mysterious crashes in + the finalize phase when finalize tried to act on them. + ([@iarna](https://github.com/iarna)) +* [`6754dabb6`](https://github.com/npm/npm/commit/6754dabb6bd3301504efb3b62f36d3fe70958c19) + [#16040](https://github.com/npm/npm/pull/16040) + Flatten out `@npmcorp/move`'s deps for backwards compatibility reasons. Versions prior to this + one will fail to install any package that bundles a scoped dependency. This was responsible + for `ENOENT` errors during the `finalize` phase. + ([@iarna](https://github.com/iarna)) + +#### DOC UPDATES + +* [`fba51c582`](https://github.com/npm/npm/commit/fba51c582d1d08dd4aa6eb27f9044dddba91bb18) + [#15960](https://github.com/npm/npm/pull/15960) + Update troubleshooting and contribution guide links. + ([@watilde](https://github.com/watilde)) + + +### v4.4.2 (2017-03-09): + +This week, the focus on the release was mainly going through [all of npm's deps +that we manage +ourselves](https://github.com/npm/npm/wiki/npm-maintained-dependencies), and +making sure all their PRs and versions were up to date. That means there's a few +fixes here and there. Nothing too big codewise, though. + +The most exciting part of this release is probably our [shiny new +Contributing](https://github.com/npm/npm/blob/latest/CONTRIBUTING.md) and +[Troubleshooting](https://github.com/npm/npm/blob/latest/TROUBLESHOOTING.md) +docs! [@snopeks](https://github.com/snopeks) did some ✨fantastic✨ work hashing it +out, and we're really hoping this is a nice big step towards making contributing +to npm easier. The troubleshooting doc will also hopefully solve common issues +for people! Do you think something is missing from it? File a PR and we'll add +it! The current document is just a baseline for further editing and additions. + +Also there's maybe a bit of an easter egg in this release. 'Cause those are fun and I'm a huge nerd. 😉 + +#### DOCUMENTATION AHOY + +* [`07e997a`](https://github.com/npm/npm/commit/07e997a7ecedba7b29ad76ffb2ce990d5c0200fc) + [#15756](https://github.com/npm/npm/pull/15756) + Overhaul `CONTRIBUTING.md` and add new `TROUBLESHOOTING.md` files. 🙌🏼 + ([@snopeks](https://github.com/snopeks)) +* [`2f3e4b6`](https://github.com/npm/npm/commit/2f3e4b645cdc268889cf95ba24b2aae572d722ad) + [#15833](https://github.com/npm/npm/pull/15833) + Mention the [24-hour unpublish + policy](http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy) + on the main registry. + ([@carols10cents](https://github.com/carols10cents)) + +#### NOT REALLY FEATURES, NOT REALLY BUGFIXES. MORE LIKE TWEAKS? 🤔 + +* [`84be534`](https://github.com/npm/npm/commit/84be534aedb78c65cd8012427fc04871ceeccf90) + [#15888](https://github.com/npm/npm/pull/15888) + Stop flattening `ls`-tree output. From now on, deduped deps will be marked as + such in the place where they would've been before getting hoisted by the + installer. + ([@iarna](https://github.com/iarna)) +* [`e9a5dca`](https://github.com/npm/npm/commit/e9a5dca369ead646ab5922326cede1406c62bd3b) + [#15967](https://github.com/npm/npm/pull/15967) + Limit metadata fetches to 10 concurrent requests. + ([@iarna](https://github.com/iarna)) +* [`46aa9bc`](https://github.com/npm/npm/commit/46aa9bcae088740df86234fc199f7aef53b116df) + [#15967](https://github.com/npm/npm/pull/15967) + Limit concurrent installer actions to 10. + ([@iarna](https://github.com/iarna)) + +#### BUGFIXES + +* [`c3b994b`](https://github.com/npm/npm/commit/c3b994b71565eb4f943cce890bb887d810e6e2d4) + [#15901](https://github.com/npm/npm/pull/15901) + Use EXDEV aware move instead of rename. This will allow moving across devices + and moving when filesystems don't support renaming directories full of files. It might make folks using Docker a bit happier. + ([@iarna](https://github.com/iarna)) +* [`0de1a9c`](https://github.com/npm/npm/commit/0de1a9c1db90e6705c65c068df1fe82899e60d68) + [#15735](https://github.com/npm/npm/pull/15735) + Autocomplete support for npm scripts with `:` colons in the name. + ([@beyondcompute](https://github.com/beyondcompute)) +* [`84b0b92`](https://github.com/npm/npm/commit/84b0b92e7f78ec4add42e8161c555325c99b7f98) + [#15874](https://github.com/npm/npm/pull/15874) + Stop using [undocumented](https://github.com/nodejs/node/pull/11355) + `res.writeHeader` alias for `res.writeHead`. + ([@ChALkeR](https://github.com/ChALkeR)) +* [`895ffe4`](https://github.com/npm/npm/commit/895ffe4f3eecd674796395f91c30eda88aca6b36) + [#15824](https://github.com/npm/npm/pull/15824) + Fix empty versions column in `npm search` output. + ([@bcoe](https://github.com/bcoe)) +* [`38c8d7a`](https://github.com/npm/npm/commit/38c8d7adc1f43ab357d1e729ae7cd5d801a26e68) + `init-package-json@1.9.5`: [npm/init-package-json#61](https://github.com/npm/init-package-json/pull/61) Exclude existing `devDependencies` from being added to `dependencies`. Fixes [#12260](https://github.com/npm/npm/issues/12260). + ([@addaleax](https://github.com/addaleax)) + +### v4.4.1 (2017-03-06): + +This is a quick little patch release to forgo the update notification +checker if you're on an unsuported (but not otherwise broken) version of +Node.js. Right now that means 0.10 or 0.12. + +* [`56ac249`](https://github.com/npm/npm/commit/56ac249ef8ede1021f1bc62a0e4fe1e9ba556af2) + [#15864](https://github.com/npm/npm/pull/15864) + Only use `update-notifier` on supported versions. + ([@legodude17](https://github.com/legodude17)) + +### v4.4.0 (2017-02-23): + +Aaaah, [@iarna](https://github.com/iarna) here, it's been a little while +since I did one of these! This is a nice little release, we've got an +update notifier, vastly less verbose error messages, new warnings on package +metadata that will probably give you a bad day, and a sprinkling of bug +fixes. + +#### UPDATE NOTIFICATIONS + +We now have a little nudge to update your `npm`, courtesy of +[update-notifier](https://www.npmjs.com/package/update-notifier). + +* [`148ee66`](https://github.com/npm/npm/commit/148ee663740aa05877c64f16cdf18eba33fbc371) + [#15774](https://github.com/npm/npm/pull/15774) + `npm` will now check at start up to see if a newer version is available. + It will check once a day. If you want to disable this, set `optOut` to `true` in + `~/.config/configstore/update-notifier-npm.json`. + ([@ceejbot](https://github.com/ceejbot)) + +#### LESS VERBOSE ERROR MESSAGES + +`npm` has, for a long time, had very verbose error messages. There was a +lot of info in there, including the cause of the error you were seeing but +without a lot of experience reading them pulling that out was time consuming +and difficult. + +With this change the output is cut down substantially, centering the error +message. So, for example if you try to `npm run sdlkfj` then the entire +error you'll get will be: + +``` +npm ERR! missing script: sldkfj + +npm ERR! A complete log of this run can be found in: +npm ERR! /Users/rebecca/.npm/_logs/2017-02-24T00_41_36_988Z-debug.log +``` + +The CLI team has discussed cutting this down even further and stripping the +`npm ERR!` prefix off those lines too. We'd appreciate your feedback on +this! + +* [`e544124`](https://github.com/npm/npm/commit/e544124592583654f2970ec332003cfd00d04f2b) + [#15716](https://github.com/npm/npm/pull/15716) + Make error output less verbose. + ([@iarna](https://github.com/iarna)) +* [`166bda9`](https://github.com/npm/npm/commit/166bda97410d0518b42ed361020ade1887e684af) + [#15716](https://github.com/npm/npm/pull/15716) + Stop encouraging users to visit the issue tracker unless we know for + certain that it's an npm bug. + ([@iarna](https://github.com/iarna)) + +#### OTHER NEW FEATURES + +* [`53412eb`](https://github.com/npm/npm/commit/53412eb22c1c75d768e30f96d69ed620dfedabde) + [#15772](https://github.com/npm/npm/pull/15772) + We now warn if you have a module listed in both dependencies and + devDependencies. + ([@TedYav](https://github.com/TedYav)) +* [`426b180`](https://github.com/npm/npm/commit/426b1805904a13bdc5c0dd504105ba037270cbee) + [#15757](https://github.com/npm/npm/pull/15757) + Default reporting metrics to default registry. Previously it defaulted to using + `https://registry.npmjs.org`, now it will default to the result of + `npm config get registry`. For most folks this won't actually change anything, but it + means that folks who use a private registry will have metrics routed there by default. + This has the potential to be interesting because it means that in the + future private registry products ([npme](https://npme.npmjs.com/docs/)!) + will be able to report on these metrics. + ([@iarna](https://github.com/iarna)) + +#### BUG FIXES + +* [`8ea0de9`](https://github.com/npm/npm/commit/8ea0de98563648ba0db032acd4d23d27c4a50a66) + [#15716](https://github.com/npm/npm/pull/15716) + Write logs for `cb() never called` errors. +* [`c4e83dc`](https://github.com/npm/npm/commit/c4e83dca830b24305e3cb3201a42452d56d2d864) + Make it so that errors while reading the existing node_modules tree can't + result in installer crashes. + ([@iarna](https://github.com/iarna)) +* [`2690dc2`](https://github.com/npm/npm/commit/2690dc2684a975109ef44953c2cf0746dbe343bb) + Update `npm doctor` to not treat broken symlinks in your global modules as + a permission failure. This is particularly important if you link modules and your text + editor uses the convention of creating symlinks from `.#filename.js` to a + machine name and pid to lock files (eg emacs and compatible things). + ([@iarna](https://github.com/iarna)) +* [`f4c3f48`](https://github.com/npm/npm/commit/f4c3f489aa5787cf0d60e8436be2190e4b0d0ff7) + [#15777](https://github.com/npm/npm/pull/15777) + Not exactly a bug, but change a parameterless `.apply` to `.call`. + ([@notarseniy](https://github.com/notarseniy)) + +#### DEPENDENCY UPDATES + +* [`549dcff`](https://github.com/npm/npm/commit/549dcff58c7aaa1e7ba71abaa14008fdf2697297) + `rimraf@2.6.0`: + Retry EBUSY, ENOTEMPTY and EPERM on non-Windows platforms too. + More reliable `rimraf.sync` on Windows. + ([@isaacs](https://github.com/isaacs)) +* [`052dfb6`](https://github.com/npm/npm/commit/052dfb623da508f2b5f681da0258125552a18a4a) + `validate-npm-package-name@3.0.0`: + Remove ableist language in README. + Stop allowing ~'!()* in package names. + ([@tomdale](https://github.com/tomdale)) + ([@chrisdickinson](https://github.com/chrisdickinson)) +* [`6663ea6`](https://github.com/npm/npm/commit/6663ea6ac0f0ecec5a3f04a3c01a71499632f4dc) + `abbrev@1.1.0` ([@isaacs](https://github.com/isaacs)) +* [`be6de9a`](https://github.com/npm/npm/commit/be6de9aab9e20b6eac70884e8626161eebf8721a) + `opener@1.4.3` ([@dominic](https://github.com/dominic)) +* [`900a5e3`](https://github.com/npm/npm/commit/900a5e3e3411ec221306455f99b24b9ce35757c0) + `readable-stream@2.2.3` ([@RangerMauve](https://github.com/RangerMauve)) ([@mcollina](https://github.com/mcollina)) +* [`c972a8b`](https://github.com/npm/npm/commit/c972a8b0f20a61a79c45b6642f870bea8c55c7e4) + `tacks@1.2.6` + ([@iarna](https://github.com/iarna)) +* [`85a36ef`](https://github.com/npm/npm/commit/85a36efdac0c24501876875cb9ad40292024e0b0) + [`7ac9265`](https://github.com/npm/npm/commit/7ac9265c56b4d9eeaca6fcfb29513f301713e7bb) + `tap@10.2.0` + ([@isaacs](https://github.com/saacs)) + +### v4.3.0 (2017-02-09): + +Yay! Release time! It's a rainy day, and we have another smallish release for +y'all. These things are not necessarily related. Or are they 🌧🤔 + +As far as news go, you may have noticed that the CLI team dropped support for +`node@0.12` when that version went out of maintenance. Still, we've avoided +explicitly breaking it and `node@0.10` so far -- but not much longer. + +Sometime soon, the CLI team plans on switching over to language features only +available as of `node@4 LTS`, and will likely start dropping old versions of node +as they go out of maintenance. The new features are exciting! We're really +looking forward to using them in the core CLI (and its dependencies) as we keep up +with our current feature work. + +And speaking of features, this release is a minor bump due to a small change in +how `npm login` works for the sake of supporting OAuth-based login for npm +Enterprise users. But we won't leave the rest of y'all out -- we're working on a +larger version of this feature. Soon enough, you'll be able to log in to npm +with, say, GitHub -- and use some shiny features that come from the integration. +Or turn on 2FA and other such security features. Keep your eyes peeled for new +on this in the next few releases and our weekly newsletter! + +#### NEW AUTH TYPES + +There's a new command line option: `--auth-type`, which can be used to log in to +a supporting registry with OAuth2 or SAML. The current implementation is mainly +meant to support npmE customers, so if you're one of those: ask us about using +it! If not, just hold off cause we'll have a much more complete version of this +feature out soon. + +* [`ac8595e`](https://github.com/npm/npm/commit/ac8595e3c9b615ff95abc3301fac1262c434792c) [`bcf2dd8`](https://github.com/npm/npm/commit/bcf2dd8a165843255c06515fa044c6e4d3b71ca4) [`9298d20`](https://github.com/npm/npm/commit/9298d20af58b92572515bfa9cf7377bd4221dc7d) [`66b61bc`](https://github.com/npm/npm/commit/66b61bc42e81ee8a1ee00fc63517f62284140688) [`dc85de7`](https://github.com/npm/npm/commit/dc85de7df6bb61f7788611813ee82ae695a18f1f) + [#13389](https://github.com/npm/npm/pull/13389) + Implement single-sign-on support with `--auth-type` option. + ([@zkat](https://github.com/zkat)) + +#### FASTER STARTUP. SOMETIMES! + +`request` is pretty heavy. And it loads a bunch of things. It's actually a +pretty big chunk of npm's load time. This small patch by Rebecca will make it so +npm only loads that module when we're actually intending to make network +requests. Those of you who use npm commands that run offline might see a small +speedup in startup time. + +* [`ac73568`](https://github.com/npm/npm/commit/ac735682e666e8724549d56146821f3b8b018e25) + [#15631](https://github.com/npm/npm/pull/15631) + Lazy load `caching-registry-client`. + ([@iarna](https://github.com/iarna)) + +#### DOCUMENTATION + +* [`4ad9247`](https://github.com/npm/npm/commit/4ad9247aa82f7553c9667ee93c74ec7399d6ceec) + [#15630](https://github.com/npm/npm/pull/15630) + Fix formatting/rendering for root npm README. + ([@ungoldman](https://github.com/ungoldman)) + +#### DEPENDENCY UPDATES + +* [`8cc1112`](https://github.com/npm/npm/commit/8cc1112958638ff88ac2c24c4a065acacb93d64b) + [npm/hosted-git-info#21](https://github.com/npm/hosted-git-info/pull/21) + `hosted-git-info@2.2.0`: + Add support for `.tarball()` URLs. + ([@zkat](https://github.com/zkat)) +* [`6eacc1b`](https://github.com/npm/npm/commit/6eacc1bc1925fe3cc79fc97bdc3194d944fce55e) + `npm-registry-mock@1.1.0` + ([@addaleax](https://github.com/addaleax)) +* [`a9b6d77`](https://github.com/npm/npm/commit/a9b6d775e61cf090df0e13514c624f99bf31d1e7) + `aproba@1.1.1` + ([@iarna](https://github.com/iarna)) + +### v4.2.0 (2017-01-26): + +Hi all! I'm Kat, and I'm currently sitting in a train traveling at ~300km/h +through Spain. So clearly, this release should have *something* to do with +speed. And it does! Heck, with this release, you could say we're really +_blazing_, even. 🌲🔥😏 + +#### IMPROVED CLI SEARCH~ + +You might recall if you've been keeping up that one of the reasons for a +semver-major bump to `npm@4` was an improved CLI search (read: no longer blowing +up Node). The work done for that new search system, while still relying on a +full metadata download and local search, was also meant to act as groundwork for +then-ongoing work on a brand-new, smarter search system for npm. Shortly after +`npm@4` came out, the bulk of the server-side work was done, and with this +release, the npm CLI has integrated use of the new endpoint for high-quality, +fast-turnaround searches. + +No, seriously, it's *fast*. And *relevant*: + +[](https://github.com/npm/npm/pull/15481) + +Give it a shot! And remember to check out the new website version of the search, +too, which uses the same backend as the CLI now. 🎉 + +Incidentally, the backend is a public service, so you can write your own search +tools, be they web-based, CLI, or GUI-based. You can read up on the [full +documentation for the search +endpoint](https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#get-v1search), +and let us know about the cool things you come up with! + +* [`ce3ca51`](https://github.com/npm/npm/commit/ce3ca51ca2d60e15e901c8bf6256338e53e1eca2) + [#15481](https://github.com/npm/npm/pull/15481) + Add an internal `gunzip-maybe` utility for optional gunzipping. + ([@zkat](https://github.com/zkat)) +* [`e322932`](https://github.com/npm/npm/commit/e3229324d507fda10ea9e94fd4de8a4ae5025c75) [`a53055e`](https://github.com/npm/npm/commit/a53055e423f1fe168f05047aa0dfec6d963cb211) [`a1f4365`](https://github.com/npm/npm/commit/a1f436570730c6e4a173ca92d1967a87c29b7f2d) [`c56618c`](https://github.com/npm/npm/commit/c56618c62854ea61f6f716dffe7bcac80b5f4144) + [#15481](https://github.com/npm/npm/pull/15481) + Add support for using the new npm search endpoint for fast, quality search + results. Includes a fallback to "classic" search. + ([@zkat](https://github.com/zkat)) + +#### WHERE DID THE DEBUG LOGS GO + +This is another pretty significant change: Usually, when the npm process +crashed, you would get an `npm-debug.log` in your current working directory. +This debug log would get cleared out as soon as you ran npm again. This was a +bit annoying because 1) you would get a random file in your `git status` that +you might accidentally commit, and 2) if you hit a hard-to-reproduce bug and +instinctually tried again, you would no longer have access to the repro +`npm-debug.log`. + +So now, any time a crash happens, we'll save your debug logs to your cache +folder, under `_logs` (`~/.npm` on *nix, by default -- use `npm config get +cache` to see what your current value is). The cache will now hold a +(configurable) number of `npm-debug.log` files, which you can access in the +future. Hopefully this will help clean stuff up and reduce frustration from +missed repros! In the future, this will also be used by `npm report` to make it +super easy to put up issues about crashes you run into with npm. 💃🕺🏿👯♂️ + +* [`04fca22`](https://github.com/npm/npm/commit/04fca223a0f704b69340c5f81b26907238fad878) + [#11439](https://github.com/npm/npm/pull/11439) + Put debug logs in `$(npm get cache)/_logs` and store multiple log files. + ([@KenanY](https://github.com/KenanY)) + ([@othiym23](https://github.com/othiym23)) + ([@isaacs](https://github.com/isaacs)) + ([@iarna](https://github.com/iarna)) + +#### DOCS + +* [`ae8e71c`](https://github.com/npm/npm/commit/ae8e71c2b7d64d782af287a21e146d7cea6e5273) + [#15402](https://github.com/npm/npm/pull/15402) + Add missing backtick in one of the `npm doctor` messages. + ([@watilde](https://github.com/watilde), [@charlotteis](https://github.com/charlotteis)) +* [`821fee6`](https://github.com/npm/npm/commit/821fee6d0b12a324e035c397ae73904db97d07d2) + [#15480](https://github.com/npm/npm/pull/15480) + Clarify that unscoped packages can depend on scoped packages and vice-versa. + ([@chocolateboy](https://github.com/chocolateboy)) +* [`2ee45a8`](https://github.com/npm/npm/commit/2ee45a884137ae0706b7c741c671fef2cb3bac96) + [#15515](https://github.com/npm/npm/pull/15515) + Update minimum supported Node version number in the README to `node@>=4`. + ([@watilde](https://github.com/watilde)) +* [`af06aa9`](https://github.com/npm/npm/commit/af06aa9a357578a8fd58c575f3dbe55bc65fc376) + [#15520](https://github.com/npm/npm/pull/15520) + Add section to `npm-scope` docs to explain that scope owners will own scoped + packages with that scope. That is, user `@alice` is not allowed to publish to + `@bob/my-package` unless explicitly made an owner by user (or org) `@bob`. + ([@hzoo](https://github.com/hzoo)) +* [`bc892e6`](https://github.com/npm/npm/commit/bc892e6d07a4c6646480703641a4d71129c38b6d) + [#15539](https://github.com/npm/npm/pull/15539) + Replace `http` with `https` and fix typos in some docs. + ([@watilde](https://github.com/watilde)) +* [`1dfe875`](https://github.com/npm/npm/commit/1dfe875b9ac61a0ab9f61a2eab02bacf6cce583c) + [#15545](https://github.com/npm/npm/pull/15545) + Update Node.js download link to point to the right place. + ([@watilde](https://github.com/watilde)) + +#### DEPENDENCIES + + * [`b824bfb`](https://github.com/npm/npm/commit/b824bfbeb2d89c92762e9170b026af98b5a3668a) + `ansi-regex@2.1.1` + * [`81ea3e8`](https://github.com/npm/npm/commit/81ea3e8e4ea34cd9c2b418512dcb508abcee1380) + `mississippi@1.3.0` + +#### MISC + +* [`98df212`](https://github.com/npm/npm/commit/98df212a91fd6ff4a02b9cd247f4166f93d3977a) + [#15492](https://github.com/npm/npm/pull/15492) + Update the "master" node version used for AppVeyor to `node@7`. + ([@watilde](https://github.com/watilde)) +* [`d75fc03`](https://github.com/npm/npm/commit/d75fc03eda5364f12ac266fa4f66e31c2e44e864) + [#15413](https://github.com/npm/npm/pull/15413) + `npm run-script` now exits with the child process' exit code on exit. + ([@kapals](https://github.com/kapals)) + +### v4.1.2 (2017-01-12) + +We have a twee little release this week as we come back from the holidays. + +#### 0.12 IS UNSUPPORTED NOW (really) + +After [jumping the gun a +little](https://github.com/npm/npm/releases/tag/v4.0.2), we can now +officially remove 0.12 from our supported versions list. The Node.js +project has now officially ended even maintenance support for 0.12 and thus, +so will we. To reiterate from the last time we did this: + +What this means: + +* Your contributions will no longer block on the tests passing on 0.12. +* We will no longer block dependency upgrades on working with 0.12. +* Bugs filed on the npm CLI that are due to incompatibilities with 0.12 + (and older versions) will be closed with a strong urging to upgrade to a + supported version of Node. +* On the flip side, we'll continue to (happily!) accept patches that + address regressions seen when running the CLI with Node.js 0.12. + +What this doesn't mean: + +* The CLI is going to start depending on ES2015+ features. npm continues + to work, in almost all cases, all the way back to Node.js 0.8, and our + long history of backwards compatibility is a source of pride for the + team. +* We aren't concerned about the problems of users who, for whatever + reason, can't update to newer versions of npm. As mentioned above, we're + happy to take community patches intended to address regressions. + +We're not super interested in taking sides on what version of Node.js +you "should" be running. We're a workflow tool, and we understand that +you all have a diverse set of operational environments you need to be +able to support. At the same time, we _are_ a small team, and we need +to put some limits on what we support. Tracking what's supported by our +runtime's own team seems most practical, so that's what we're doing. + +* [`c7bbba8`](https://github.com/npm/npm/commit/c7bbba8744b62448103a1510c65d9751288abb5d) + Remove 0.12 from our supported versions list. + ([@iarna](https://github.com/iarna)) + +#### WRITING TO SYMLINKED `package.json` (AND OTHER FILES) + +If your `package.json`, `npm-shrinkwrap.json` or `.npmrc` were a symlink and +you used an `npm` command that modified one of these (eg `npm config set` or +`npm install --save`) then previously we would have removed your symlink and +replaced it with an ordinary file. While making these files symlinks is pretty +uncommon, this was still surprising behavior. With this fix we now overwrite +the _destination_ of the symlink and preserve the symlink itself. + +* [`a583983`](https://github.com/npm/npm/commit/a5839833d3de7072be06884b91902c093aff1aed) + [write-file-atomic/#5](https://github.com/npm/write-file-atomic/issues/5) + [#10223](https://github.com/npm/npm/10223) + `write-file-atomic@1.3.1`: + When the target is a symlink, write-file-atomic now overwrites the + _destination_ of the symlink, instead of replacing the symlink itself. This + makes it's behavior match `fs.writeFile`. + + Fixed a bug where it would ALWAYS fs.stat to look up default mode and chown + values even if you'd passed them in. (It still used the values you passed + in, but did a needless stat.) + ([@iarna](https://github.com/iarna)) + +#### DEPENDENCY UPDATES + +* [`521f230`](https://github.com/npm/npm/commit/521f230dd57261e64ac9613b3db62f5312971dca) + `node-gyp@3.5.0`: + Improvements to how Python is located. New `--devdir` flag. + ([@bnoordhuis](https://github.com/bnoordhuis)) + ([@mhart](https://github.com/mhart)) +* [`ccd83e8`](https://github.com/npm/npm/commit/ccd83e8a70d35fb0904f8a9adb2ff7ac8a6b2706) + `JSONStream@1.3.0`: + Add new emitPath option. + ([@nathanwills](https://github.com/nathanwills)) + +#### TEST IMPROVEMENTS + +* [`d76e084`](https://github.com/npm/npm/commit/d76e08463fd65705217624b861a1443811692f34) + Disable metric reporting for test suite even if the user has it enabled. + ([@iarna](https://github.com/iarna)) + +### v4.1.1 (2016-12-16) + +This fixes a bug in the metrics reporting where, if you had enabled it then +installs would create a metrics reporting process, that would create a +metrics reporting process, that would… well, you get the idea. The only +way to actually kill these processes is to turn off your networking, then +on MacOS/Linux kill them with `kill -9`. Alternatively you can just reboot. + +Anyway, this is a quick release to fix that bug: + +* [`51c393f`](https://github.com/npm/npm/commit/51c393feff5f4908c8a9fb02baef505b1f2259be) + [#15237](https://github.com/npm/npm/pull/15237) + Don't launch a metrics sender process if we're running from a metrics + sender process. + ([@iarna](https://github.com/iarna)) + +### v4.1.0 (2016-12-15) + +I'm really excited about `npm@4.1.0`. I know, I know, I'm kinda overexcited +in my changelogs, but this one is GREAT. We've got a WHOLE NEW subcommand, I +mean, when was the last time you saw that? YEARS! And we have the beginnings +of usage metrics reporting. Then there's a fix for a really subtle bug that +resulted in `shasum` errors. And then we also have a few more bug fixes and +other improvements. + +#### ANONYMOUS METRIC REPORTING + +We're adding the ability for you all to help us track the quality of your +experiences using `npm`. Metrics will be sent if you run: + +``` +npm config set send-metrics true +``` + +Then `npm` will report to `registry.npmjs.org` the number of successful and +failed installations you've had. The data contains no identifying +information and npm will not attempt to correlate things like IP address +with the metrics being submitted. + +Currently we only track number of successful and failed installations. In +the future we would like to find additional metrics to help us better +quantify the quality of the `npm` experience. + +* [`190a658`](https://github.com/npm/npm/commit/190a658c4222f6aa904cbc640fc394a5c875e4db) + [#15084](https://github.com/npm/npm/pull/15084) + Add facility for recording and reporting success metrics. + ([@iarna](https://github.com/iarna)) +* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) + [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/148) + `npm-registry-client@7.4.5`: + Add support for sending anonymous CLI metrics. + ([@iarna](https://github.com/iarna), + [@sisidovski](https://github.com/sisidovski)) + +### NPM DOCTOR + +<pre> +<u>Check</u> <u>Value</u> <u>Recommendation</u> +npm ping ok +npm -v v4.0.5 +node -v v4.6.1 Use node v6.9.2 +npm config get registry https://registry.npmjs.org/ +which git /Users/rebecca/bin/git +Perms check on cached files ok +Perms check on global node_modules ok +Perms check on local node_modules ok +Checksum cached files ok +</pre> + +It's a rare day that we add a new command to `npm`, so I'm excited to +present to you `npm doctor`. It checks for a number of common problems and +provides some recommended solutions. It was put together through the hard +work of [@watilde](https://github.com/watilde). + +* [`2359505`](https://github.com/npm/npm/commit/23595055669f76c9fe8f5f1cf4a705c2e794f0dc) + [`0209ee5`](https://github.com/npm/npm/commit/0209ee50448441695fbf9699019d34178b69ba73) + [#14582](https://github.com/npm/npm/pull/14582) + Add new `npm doctor` to give your project environment a health check. + ([@watilde](https://github.com/watilde)) + +#### FIX MAJOR SOURCE OF SHASUM ERRORS + +If you've been getting intermittent shasum errors then you'll be pleased to +know that we've tracked down at least one source of them, if not THE source +of them. + +* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) + [#14626](https://github.com/npm/npm/issues/14626) + [npm/npm-registry-client#148](https://github.com/npm/npm-registry-client/pull/148) + `npm-registry-client@7.4.5`: + Fix a bug where an `ECONNRESET` while fetching a package file would result + in a partial download that would be reported as a "shasum mismatch". It + now throws away the partial download and retries it. + ([@iarna](https://github.com/iarna)) + +#### FILE URLS AND NODE.JS 7 + +When `npm` was formatting `file` URLs we took advantage of `url.format` to +construct them. Node.js 7 changed the behavior in such a way that our use of +`url.format` stopped producing URLs that we could make use of. + +The reasons for this have to do with the `file` URL specification and how +invalid (according to the specification) URLs are handled. How this changed +is most easily explained with a table: + +<table> +<tr><th></th><th>URL</th><th>Node.js <= 6</th><th><tt>npm</tt>'s understanding</th><th>Node.js 7</th><th><tt>npm</tt>'s understanding</th></tr> +<tr><td>VALID</td><td><tt>file:///abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> +<tr><td>invalid</td><td><tt>file:/abc/def</tt></td><td><tt>file:/abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> +<tr><td>invalid</td><td><tt>file:abc/def</tt></td><td><tt>file:abc/def</tt></td><td><tt>$CWD/abc/def</tt></td><td><tt>file://abc/def</tt></td><td><tt>/def</tt> on the <tt>abc</tt> host</td></tr> +<tr><td>invalid</td><td><tt>file:../abc/def</tt></td><td><tt>file:../abc/def</tt></td><td><tt>$CWD/../abc/def</tt></td><td><tt>file://../abc/def</tt></td><td><tt>/abc/def</tt> on the <tt>..</tt> host</td></tr> +</table> + +So the result was that passing a `file` URL that npm had received that used +through Node.js 7's `url.format` changed its meaning as far as `npm` was +concerned. As those kinds of URLs are, per the specification, invalid, how +they should be handled is undefined and so the change in Node.js wasn't a +bug per se. + +Our solution is to stop using `url.format` when constructing this kind of +URL. + +* [`173935b`](https://github.com/npm/npm/commit/173935b4298e09c4fdcb8f3a44b06134d5aff181) + [#15114](https://github.com/npm/npm/issues/15114) + Stop using `url.format` for relative local dep paths. + ([@zkat](https://github.com/zkat)) + +#### EXTRANEOUS LIFECYCLE SCRIPT EXECUTION WHEN REMOVING + +* [`afb1dfd`](https://github.com/npm/npm/commit/afb1dfd944e57add25a05770c0d52d983dc4e96c) + [#15090](https://github.com/npm/npm/pull/15090) + Skip top level lifecycles when uninstalling. + ([@iarna](https://github.com/iarna)) + +#### REFACTORING AND INTERNALS + +* [`c9b279a`](https://github.com/npm/npm/commit/c9b279aca0fcb8d0e483e534c7f9a7250e2a9392) + [#15205](https://github.com/npm/npm/pull/15205) + [#15196](https://github.com/npm/npm/pull/15196) + Only have one function that determines which version of a package to use + given a specifier and a list of versions. + ([@iarna](https://github.com/iarna), + [@zkat](https://github.com/zkat)) + +* [`981ce63`](https://github.com/npm/npm/commit/981ce6395e7892dde2591b44e484e191f8625431) + [#15090](https://github.com/npm/npm/pull/15090) + Rewrite prune to use modern npm plumbing. + ([@iarna](https://github.com/iarna)) + +* [`bc4b739`](https://github.com/npm/npm/commit/bc4b73911f58a11b4a2d28b49e24b4dd7365f95b) + [#15089](https://github.com/npm/npm/pull/15089) + Rename functions and variables in the module that computes what changes to + make to your installation. + ([@iarna](https://github.com/iarna)) + +* [`2449f74`](https://github.com/npm/npm/commit/2449f74a202b3efdb1b2f5a83356a78ea9ecbe35) + [#15089](https://github.com/npm/npm/pull/15089) + When computing changes to make to your installation, use a function to add + new actions to take instead of just pushing on a list. + ([@iarna](https://github.com/iarna)) + +#### IMPROVED LOGGING + +* [`335933a`](https://github.com/npm/npm/commit/335933a05396258eead139d27eea3f7668ccdfab) + [#15089](https://github.com/npm/npm/pull/15089) + Log when we remove obsolete dependencies in the tree. + ([@iarna](https://github.com/iarna)) + +#### DOCUMENTATION + +* [`33ca4e6`](https://github.com/npm/npm/commit/33ca4e6db3c1878cbc40d5e862ab49bb0e82cfb2) + [#15157](https://github.com/npm/npm/pull/15157) + Update `npm cache` docs to use more consistent language + ([@JonahMoses](https://github.com/JonahMoses)) + +#### DEPENDENCY UPDATES + +* [`c2d22fa`](https://github.com/npm/npm/commit/c2d22faf916e8260136a1cc95913ca474421c0d3) + [#15215](https://github.com/npm/npm/pull/15215) + `nopt@4.0.1`: + The breaking change is a small tweak to how empty string values are + handled. See the brand-new + [CHANGELOG.md for nopt](https://github.com/npm/nopt/blob/v4.0.1/CHANGELOG.md) for further + details about what's changed in this release! + ([@adius](https://github.com/adius), + [@samjonester](https://github.com/samjonester), + [@elidoran](https://github.com/elidoran), + [@helio](https://github.com/helio), + [@silkentrance](https://github.com/silkentrance), + [@othiym23](https://github.com/othiym23)) +* [`54d949b`](https://github.com/npm/npm/commit/54d949b05adefffeb7b5b10229c5fe0ccb929ac3) + [npm/lockfile#24](https://github.com/npm/lockfile/pull/24) + `lockfile@1.0.3`: + Handled case where callback was not passed in by the user. + ([@ORESoftware](https://github.com/ORESoftware)) +* [`54acc03`](https://github.com/npm/npm/commit/54acc0389b39850c0725d0868cb5e61317b57503) + `npmlog@4.0.2`: + Documentation update. + ([@helio-frota](https://github.com/helio-frota)) +* [`57f4bc1`](https://github.com/npm/npm/commit/57f4bc1150322294c1ea0a287ad0a8e457c151e6) + `osenv@0.1.4`: + Test changes. + ([@isaacs](https://github.com/isaacs)) +* [`bea1a2d`](https://github.com/npm/npm/commit/bea1a2d0db566560e13ecc1d5f42e55811269c88) + `retry@0.10.1`: + No changes. + ([@tim-kos](https://github.com/tim-kos)) +* [`6749e39`](https://github.com/npm/npm/commit/6749e395f868109afd97f79d36507e6567dd48fb) + [kapouer/marked-man#9](https://github.com/kapouer/marked-man/pull/9) + `marked-man@0.2.0`: + Add table support. + ([@gholk](https://github.com/gholk)) + +### v4.0.5 (2016-12-01) + +It's that time of year! December is upon us, which means y'all are just going to +be doing a lot less, in general, for the next month or so. The "Xmas Chasm", as +we like to call it, has already begun. So for those of you reading it from the +other side: Hi! Welcome back! + +This week's release is a relatively small one, involving just a few bugfixes and +dependency upgrades. The CLI team has been busy recently with scoping out +`npm@5`, and starting to do initial spec work for in-scope stuff. + +#### BUGFIXES + +On to the actual changes! + +* [`9776d8f`](https://github.com/npm/npm/commit/9776d8f70a0ea8d921cbbcab7a54e52c15fc455f) + [#15081](https://github.com/npm/npm/pull/15081) + `bundledDependencies` are intended to be left untouched by the installer, as + much as possible -- if they're bundled, we assume that you want to be + particular about the contents of your bundle. + + The installer used to have a corner case where existing dependencies that had + bundledDependencies would get clobbered by as the installer moved stuff + around, even though the installer already avoided moving deps that were + themselves bundled. This is now fixed, along with the connected crasher, and + your bundledDeps should be left even more intact than before! + ([@iarna](https://github.com/iarna)) +* [`fc61c08`](https://github.com/npm/npm/commit/fc61c082122104031ccfb2a888432c9f809a0e8b) + [#15082](https://github.com/npm/npm/pull/15082) + Initialize nodes from bundled dependencies. This should address + [#14427](https://github.com/npm/npm/issues/14427) and related issues, but it's + turned out to be a tremendously difficult issue to reproduce in a test. We + decided to include it even pending tests, because we found the root cause of + the errors. + ([@iarna](https://github.com/iarna)) +* [`d8471a2`](https://github.com/npm/npm/commit/d8471a294ef848fc893f60e17d6ec6695b975d16) + [#12811](https://github.com/npm/npm/pull/12811) + Consider `devDependencies` when deciding whether to hoist a package. This + should resolve a variety of missing dependency issues some folks were seeing + when `devDependencies` happened to also be dependencies of your + `dependencies`. This often manifested as modules going missing, or only being + installed, after `npm install` was called twice. + ([@schmod](https://github.com/schmod)) + +#### DEPENDENCY UPDATES + +* [`5978703`](https://github.com/npm/npm/commit/5978703da8669adae464789b1b15ee71d7f8d55d) + `graceful-fs@4.1.11`: + `EPERM` errors are Windows are now handled more gracefully. Windows users that + tended to see these errors due to, say, an antivirus-induced race condition, + should see them much more rarely, if at all. + ([@zkatr](https://github.com/zkat)) +* [`85b0174`](https://github.com/npm/npm/commit/85b0174ba9842e8e89f3c33d009e4b4a9e877c7d) + `request@2.79.0` + ([@zkat](https://github.com/zkat)) +* [`9664d36`](https://github.com/npm/npm/commit/9664d36653503247737630440bc2ff657de965c3) + `tap@8.0.1` + ([@zkat](https://github.com/zkat)) + +#### MISCELLANEOUS + +* [`f0f7b0f`](https://github.com/npm/npm/commit/f0f7b0fd025daa2b69994130345e6e8fdaaa0304) + [#15083](https://github.com/npm/npm/pull/15083) + Removed dead code. + ([@iarna](https://github.com/iarna))
* [`bc32afe`](https://github.com/npm/npm/commit/bc32afe4d12e3760fb5a26466dc9c26a5a2981d5) [`c8a22fe`](https://github.com/npm/npm/commit/c8a22fe5320550e09c978abe560b62ce732686f4) [`db2666d`](https://github.com/npm/npm/commit/db2666d8c078fc69d0c02c6a3de9b31be1e995e9) + [#15085](https://github.com/npm/npm/pull/15085) + Change some network tests so they can run offline. + ([@iarna](https://github.com/iarna)) +* [`744a39b`](https://github.com/npm/npm/commit/744a39b836821b388ad8c848bd898c1d006689a9) + [#15085](https://github.com/npm/npm/pull/15085) + Make Node.js tests compatible with Windows. + ([@iarna](https://github.com/iarna)) + +### v4.0.3 (2016-11-17) + +Hey you all, we've got a couple of bug fixes for you, a slew of +documentation improvements and some improvements to our CI environment. I +know we just got v4 out the door, but the CLI team is already busy planning +v5. We'll have more for you in early December. + +#### BUG FIXES + +* [`45d40d9`](https://github.com/npm/npm/commit/45d40d96d2cd145f1e36702d6ade8cd033f7f332) + [`ba2adc2`](https://github.com/npm/npm/commit/ba2adc2e822d5e75021c12f13e3f74ea2edbde32) + [`1dc8908`](https://github.com/npm/npm/commit/1dc890807bd78a1794063688af31287ed25a2f06) + [`2ba19ee`](https://github.com/npm/npm/commit/2ba19ee643d612d103cdd8f288d313b00d05ee87) + [#14403](https://github.com/npm/npm/pull/14403) + Fix a bug where a scoped module could produce crashes when incorrectly + computing the paths related to their location. This patch reorganizes how path information + is passed in to eliminate the possibility of this sort of bug. + ([@iarna](https://github.com/iarna)) + ([@NatalieWolfe](https://github.com/NatalieWolfe)) +* [`1011ec6`](https://github.com/npm/npm/commit/1011ec61230288c827a1c256735c55cf03d6228f) + [npm/npmlog#46](https://github.com/npm/npmlog/pull/46) + `npmlog@4.0.1`: Fix a bug where the progress bar would still display even if + you passed in `--no-progress`. + ([@iarna](https://github.com/iarna)) + +#### DOCUMENTATION UPDATES + +* [`c3ac177`](https://github.com/npm/npm/commit/c3ac177236124c80524c5f252ba8f6670f05dcd8) + [#14406](https://github.com/npm/npm/pull/14406) + Sync up the dispute policy included with the CLI with the [current official text](https://www.npmjs.com/policies/disputes). + ([@mike-engel](https://github.com/mike-engel)) +* [`9c663b2`](https://github.com/npm/npm/commit/9c663b2dd8552f892dc0205330bbc73a484ecd81) + [#14627](https://github.com/npm/npm/pull/14627) + Update build status branch in README. + ([@cameronroe](https://github.com/cameronroe)) +* [`8a8a0a3`](https://github.com/npm/npm/commit/8a8a0a3d490fc767def208f925cdff57e16e565b) + [#14609](https://github.com/npm/npm/pull/14609) + Update examples URLs of GitHub repos where those repos have moved to new URLs. + ([@dougwilson](https://github.com/dougwilson)) +* [`7a6425b`](https://github.com/npm/npm/commit/7a6425bcd4decde5d4b0af8b507e98723a07c680) + [#14472](https://github.com/npm/npm/pull/14472) + Document `sign-git-tag` in + [npm-version(1)](https://github.com/npm/npm/blob/release-next/doc/cli/npm-version.md)'s + configuration section. + ([@strugee](https://github.com/strugee)) +* [`f3087cc`](https://github.com/npm/npm/commit/f3087cc58c903d9a70275be805ebaf0eadbcbe1b) + [#14546](https://github.com/npm/npm/pull/14546) + Add a note about the dangers of configuring npm via uppercase env vars. + ([@tuhoojabotti](https://github.com/tuhoojabotti)) +* [`50e51b0`](https://github.com/npm/npm/commit/50e51b04a143959048cf9e1e4c8fe15094f480b0) + [#14559](https://github.com/npm/npm/pull/14559) + Remove documentation that incorrectly stated that we check `.npmrc` permissions. + ([@iarna](https://github.com/iarna)) + +##### OH UH, HELLO AGAIN NODE.JS 0.12 + +* [`6f0c353`](https://github.com/npm/npm/commit/6f0c353e4e89b0378a4c88c829ccf9a1c5ae829d) + [`f78bde6`](https://github.com/npm/npm/commit/f78bde6983bdca63d5fcb9c220c87e8f75ffb70e) + [#14591](https://github.com/npm/npm/pull/14591) + Reintroduce Node.js 0.12 to our support matrix. We jumped the gun when + removing it. We won't drop support for it till the Node.js project does + so at the end of December 2016. + ([@othiym23](https://github.com/othiym23)) + +#### TEST/CI UPDATES + +* [`aa73d1c`](https://github.com/npm/npm/commit/aa73d1c1cc22608f95382a35b33da252addff38e) + [`c914e80`](https://github.com/npm/npm/commit/c914e80f5abcb16c572fe756c89cf0bcef4ff991) +* [`58fe064`](https://github.com/npm/npm/commit/58fe064dcc80bc08c677647832f2adb4a56b538a) + [#14602](https://github.com/npm/npm/pull/14602) + When running tests with coverage, use nyc's cache. This provides an 8x speedup! + ([@bcoe](https://github.com/bcoe)) +* [`ba091ce`](https://github.com/npm/npm/commit/ba091ce843af5d694f4540e825b095435b3558d8) + [#14435](https://github.com/npm/npm/pull/14435) + Remove an unused zero byte `package.json` found in the test fixtures. + ([@baderbuddy](https://github.com/baderbuddy)) + +#### DEPENDENCY UPDATES + +* [`442e01e`](https://github.com/npm/npm/commit/442e01e42d8a439809f6726032e3b73ac0d2b2f8) + `readable-stream@2.2.2`: + Bring in latest changes from Node.js 7.x. + ([@calvinmetcalf](https://github.com/calvinmetcalf)) +* [`bfc4a1c`](https://github.com/npm/npm/commit/bfc4a1c0c17ef0a00dfaa09beba3389598a46535) + `which@1.2.12`: + Remove unused require. + ([@isaacs](https://github.com/isaacs)) + +#### DEV DEPENDENCY UPDATES + +* [`7075b05`](https://github.com/npm/npm/commit/7075b054d8d2452bb53bee9b170498a48a0dc4e9) + `marked-man@0.1.6` + ([@kapouer](https://github.com/kapouer)) +* [`3e13fea`](https://github.com/npm/npm/commit/3e13fea907ee1141506a6de7d26cbc91c28fdb80) + `tap@8.0.0` + ([@isaacs](https://github.com/isaacs)) + +### v4.0.2 (2016-11-03) + +Hola, amigxs. I know it's been a long time since I rapped at ya, but I +been spending a lotta time quietly reflecting on all the things going on +in my life. I was, like, [in Japan for a while](https://gist.github.com/othiym23/c98bd4ef5d9fb3f496835bd481ef40ae), +and before that my swell colleagues [@zkat](https://github.com/zkat) and +[@iarna](https://github.com/iarna) have been very capably managing the release +process for quite a while. But I returned from Japan somewhat refreshed, very +jetlagged, and filled with a burning urge to get `npm@4` as stable as possible +before we push it out to the user community at large, so I decided to do this +release myself. (Also, huge thanks to Kat and Rebecca for putting out `npm@4` +so capably while I was on vacation! So cool to return to a major release having +gone so well without my involvement!) + +That said... + +#### NEVER TRUST AN X.0.0 RELEASE + +Even though 4.0.1 came out hard on the heels of 4.0.0 with a couple +critical fixes, we've found a couple other major issues that we want to +see fixed before making `npm@4` into `npm@latest`. Some of these are +arguably breaking changes on their own, so now is the time to get them +out if we're going to do so before `npm@5`, and all of them are pretty +significant blockers for a substantial number of users, so now is the +best time to fix them. + +##### PREPUBLISHONLY WHOOPS + +The code running the `publish*` lifecycle events was very confusingly written. +In fact, we didn't really figure out what it was doing until we added the new +`prepublishOnly` event and it was running people's scripts from the wrong +directory. We made it simpler. See the [commit +message](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) +for details. + +Because the change is no longer running publish events when publishing prebuilt +artifacts, it's technically a breaking / semver-major change. In the off chance +that the new behavior breaks any of y'all's workflows, let us know, and we can +roll some or all of this change back until `npm@5` (or forever, if that works +better for you). + +* [`8b32d67`](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) + [#14502](https://github.com/npm/npm/pull/14502) + Simplify lifecycle invocation and fix `prepublishOnly`. + ([@othiym23](https://github.com/othiym23)) + +##### G'BYE NODE.JS 0.10, 0.12, and 5.X; HI THERE, NODE 7 + +With the advent of the second official Node.js LTS release, Node 6.x +'Boron', the Node.js project has now officially dropped versions 0.10 +and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never +part of LTS, and will see no further support now that Node 7 has been +released.) As a small team with limited resources, the npm CLI team is +following suit and dropping those versions of Node from its CI test +matrix. + +What this means: + +* Your contributions will no longer block on the tests passing on 0.10 and 0.12. +* We will no longer block dependency upgrades on working with 0.10 and 0.12. +* Bugs filed on the npm CLI that are due to incompatibilities with 0.10 + or 0.12 (and older versions) will be closed with a strong urging to + upgrade to a supported version of Node. +* On the flip side, we'll continue to (happily!) accept patches that + address regressions seen when running the CLI with Node.js 0.10 and + 0.12. + +What this doesn't mean: + +* The CLI is going to start depending on ES2015+ features. npm continues + to work, in almost all cases, all the way back to Node.js 0.8, and our + long history of backwards compatibility is a source of pride for the + team. +* We aren't concerned about the problems of users who, for whatever + reason, can't update to newer versions of npm. As mentioned above, we're + happy to take community patches intended to address regressions. + +We're not super interested in taking sides on what version of Node.js +you "should" be running. We're a workflow tool, and we understand that +you all have a diverse set of operational environments you need to be +able to support. At the same time, we _are_ a small team, and we need +to put some limits on what we support. Tracking what's supported by our +runtime's own team seems most practical, so that's what we're doing. + +* [`ab630c9`](https://github.com/npm/npm/commit/ab630c9a7a1b40cdd4f1244be976c25ab1525907) + [#14503](https://github.com/npm/npm/pull/14503) + Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported. + ([@othiym23](https://github.com/othiym23)) +* [`731ae52`](https://github.com/npm/npm/commit/731ae526fb6e9951c43d82a26ccd357b63cc56c2) + [#14503](https://github.com/npm/npm/pull/14503) + Update supported version expression. + ([@othiym23](https://github.com/othiym23)) + +##### DISENTANGLING SCOPE + +The new `Npm-Scope` header was previously reusing the `scope` +configuration option to pass the current scope back to your current +registry (which, as [described +previously](https://github.com/npm/npm/blob/release-next/CHANGELOG.md#send-extra-headers-to-registry), is meant to set up some upcoming +registry features). It turns out that had some [seriously weird +consequences](https://github.com/npm/npm/issues/14412) in the case where +you were already configuring `scope` in your own environment. The CLI +now uses separate configuration for this. + +* [`39358f7`](https://github.com/npm/npm/commit/39358f732ded4aa46d86d593393a0d6bca5dc12a) + [#14477](https://github.com/npm/npm/pull/14477) + Differentiate registry scope from project scope in configuration. + ([@zkat](https://github.com/zkat)) + +#### SMALLER CHANGES + +* [`7f41295`](https://github.com/npm/npm/commit/7f41295775f28b958a926f9cb371cb37b05771dd) + [#14519](https://github.com/npm/npm/pull/14519) + Document that as of `npm@4.0.1`, `npm shrinkwrap` now includes `devDependencies` unless + instructed otherwise. + ([@iarna](https://github.com/iarna)) +* [`bdc2f9e`](https://github.com/npm/npm/commit/bdc2f9e255ddf1a47fd13ec8749d17ed41638b2c) + [#14501](https://github.com/npm/npm/pull/14501) + The `ENOSELF` error message is tricky to word. It's also an error that + normally bites new users. Clean it up in an effort to make it easier + to understand what's going on. + ([@snopeks](https://github.com/snopeks), [@zkat](https://github.com/zkat)) + +#### DEPENDENCY UPGRADES + +* [`a52d0f0`](https://github.com/npm/npm/commit/a52d0f0c9cf2de5caef77e12eabd7dca9e89b49c) + `glob@7.1.1`: + - Handle files without associated perms on Windows. + - Fix failing case with `absolute` option. + ([@isaacs](https://github.com/isaacs), [@phated](https://github.com/phated)) +* [`afda66d`](https://github.com/npm/npm/commit/afda66d9afcdcbae1d148f589287583c4182d124) + [isaacs/node-graceful-fs#97](https://github.com/isaacs/node-graceful-fs/pull/97) + `graceful-fs@4.1.10`: Better backoff for EPERM on Windows. + ([@sam-github](https://github.com/sam-github)) +* [`e0023c0`](https://github.com/npm/npm/commit/e0023c089ded9161fbcbe544f12b07e12e3e5729) + [npm/inflight#3](https://github.com/npm/inflight/pull/3) + `inflight@1.0.6`: Clean up even if / when a callback throws. + ([@phated](https://github.com/phated)) +* [`1d91594`](https://github.com/npm/npm/commit/1d9159440364d2fe21e8bc15e08e284aaa118347) + `request@2.78.0` + ([@othiym23](https://github.com/othiym23)) + +### v4.0.1 (2016-10-24) + +Ayyyy~ 🌊 + +So thanks to folks who were running on `npm@next`, we managed to find a few +issues of notes in that preview version, and we're rolling out a small patch +change to fix them. Most notably, anyone who was using a symlinked `node` binary +(for example, if they installed Node.js through `homebrew`), was getting a very +loud warning every time they ran scripts. Y'all should get warnings in a more +useful way, now that we're resolving those path symlinks. + +Another fairly big change that we decided to slap into this version, since +`npm@4.0.0` is never going to be `latest`, is to make it so `devDependencies` +are included in `npm-shrinkwrap.json` by default -- if you do not want this, use +`--production` with `npm shrinkwrap`. + +#### BIG FIXES/CHANGES + +* [`eff46dd`](https://github.com/npm/npm/commit/eff46dd498ed007bfa77ab7782040a3a828b852d) + [#14374](https://github.com/npm/npm/pull/14374) + Fully resolve the path for `node` executables in both `$PATH` and + `process.execPath` to avoid issues with symlinked `node`. + ([@addaleax](https://github.com/addaleax)) +* [`964f2d3`](https://github.com/npm/npm/commit/964f2d3a0675584267e6ece95b0115a53c6ca6a9) + [#14375](https://github.com/npm/npm/pull/14375) + Make including `devDependencies` in `npm-shrinkwrap.json` the default. This + should help make the transition to `npm@5` smoother in the future. + ([@iarna](https://github.com/iarna)) + +#### BUGFIXES + +* [`a5b0a8d`](https://github.com/npm/npm/commit/a5b0a8db561916086fc7dbd6eb2836c952a42a7e) + [#14400](https://github.com/npm/npm/pull/14400) + Recently, we've had some consistent timeout failures while running the test + suite under Travis. This tweak to tests should take care of those issues and + Travis should go back to being reliably green. + ([@iarna](https://github.com/iarna)) + +#### DOC PATCHES + +* [`c5907b2`](https://github.com/npm/npm/commit/c5907b2fc1a82ec919afe3b370ecd34d8895c7a2) + [#14251](https://github.com/npm/npm/pull/14251) + Update links to Node.js downloads. They previously pointed to 404 pages.😬 + ([@ArtskydJ](https://github.com/ArtskydJ)) +* [`0c122f2`](https://github.com/npm/npm/commit/0c122f24ff1d4d400975edda2b7262aaaf6f7d69) + [#14380](https://github.com/npm/npm/pull/14380) + Add note and clarification on when `prepare` script is run. Make it more + consistent with surrounding descriptions. + ([@SimenB](https://github.com/SimenB)) +* [`51a62ab`](https://github.com/npm/npm/commit/51a62abd88324ba3dad18e18ca5e741f1d60883c) + [#14359](https://github.com/npm/npm/pull/14359) + Fixes typo in `npm@4` changelog. + ([@kimroen](https://github.com/kimroen)) + +### v4.0.0 (2016-10-20) + +Welcome to `npm@4`, friends! + +This is our first semver major release since the release of `npm@3` just over a +year ago. Back then, `@3` turned out to be a bit of a ground-shaking release, +with a brand-new installer with significant structural changes to how npm set up +your tree. This is the end of an era, in a way. `npm@4` also marks the release +when we move *both* `npm@2` and `npm@3` into maintenance: We will no longer be +updating those release branches with anything except critical bugfixes and +security patches. + +While its predecessor had some pretty serious impaact, `npm@4` is expected to +have a much smaller effect on your day-to-day use of npm. Over the past year, +we've collected a handful of breaking changes that we wanted to get in which are +only breaking under a strict semver interpretation (which we follow). Some of +these are simple usability improvements, while others fix crashes and serious +issues that required a major release to include. + +We hope this release sees you well, and you can look forward to an accelerated +release pace now that the CLI team is done focusing on sustaining work -- our +Windows fixing and big bugs pushes -- and we can start focusing again on +usability, features, and performance. Keep an eye out for `npm@5` in Q1 2017, +too: We're planning a major overhaul of `shrinkwrap` as well as various speed +and usability fixes for that release. It's gonna be a fun ride. I promise. 😘 + +#### BRIEF OVERVIEW OF **BREAKING** CHANGES + +The following breaking changes are included in this release: + +* `npm search` rewritten to stream results, and no longer supports sorting. +* `npm scripts` no longer prepend the path of the node executable used to run + npm before running scripts. A `--scripts-prepend-node-path` option has been + added to configure this behavior. +* `npat` has been removed. +* `prepublish` has been deprecated, replaced by `prepare`. A `prepublishOnly` + script has been temporarily added, which will *only* run on `npm publish`. +* `npm outdated` exits with exit code `1` if it finds any outdated packages. +* `npm tag` has been removed after a deprecation cycle. Use `npm dist-tag`. +* Partial shrinkwraps are no longer supported. `npm-shrinkwrap.json` is + considered a complete installation manifest except for `devDependencies`. +* npm's default git branch is no longer `master`. We'll be using `latest` from + now on. + +#### SEARCH REWRITE (**BREAKING**) + +Let's face it -- `npm search` simply doesn't work anymore. Apart from the fact +that it grew slower over the years, it's reached a point where we can no longer +fit the entire registry metadata in memory, and anyone who tries to use the +command now sees a really awful memory overflow crash from node. + +It's still going to be some time before the CLI, registry, and web team are able +to overhaul `npm search` altogether, but until then, we've rewritten the +previous `npm search` implementation to *stream* results on the fly, from both +the search endpoint and a local cache. In absolute terms, you won't see a +performance increase and this patch *does* come at the cost of sorting +capabilities, but what it does do is start outputting results as it finds them. +This should make the experience much better, overall, and we believe this is an +acceptable band-aid until we have that search endpoint in place. + +Incidentally, if you want a really nice search experience, we recommend checking +out [npms.io](http://npms.io), which includes a handy-dandy +[`npms-cli`](https://npm.im/npms-cli) for command-line usage -- it's an npm +search site that returns high-quality results quickly and is operated by members +of the npm community. + +* [`cfd43b4`](https://github.com/npm/npm/commit/cfd43b49aed36d0e8ea6c35b07ed8b303b69be61) [`2b8057b`](https://github.com/npm/npm/commit/2b8057be2e1b51e97b1f8f38d7f58edf3ce2c145) + [#13746](https://github.com/npm/npm/pull/13746) + Stream search process end-to-end. + ([@zkat](https://github.com/zkat) and [@aredridel](https://github.com/aredridel)) +* [`50f4ec8`](https://github.com/npm/npm/commit/50f4ec8e8ce642aa6a58cb046b2b770ccf0029db) [`70b4bc2`](https://github.com/npm/npm/commit/70b4bc22ec8e81cd33b9448f5b45afd1a50d50ba) [`8fb470f`](https://github.com/npm/npm/commit/8fb470fe755c4ad3295cb75d7b4266f8e67f8d38) [`ac3a6e0`](https://github.com/npm/npm/commit/ac3a6e0eba61fb40099b1370c74ad1598777def4) [`bad54dd`](https://github.com/npm/npm/commit/bad54dd9f1119fe900a8d065f8537c6f1968b589) [`87d504e`](https://github.com/npm/npm/commit/87d504e0a61bccf09f5e975007d018de3a1c5f50) + [#13746](https://github.com/npm/npm/pull/13746) + Updated search-related tests. + ([@zkat](https://github.com/zkat)) +* [`3596de8`](https://github.com/npm/npm/commit/3596de88598c69eb5bae108703c8e74ca198b20c) + [#13746](https://github.com/npm/npm/pull/13746) + `JSONStream@1.2.1` + ([@zkat](https://github.com/zkat)) +* [`4b09209`](https://github.com/npm/npm/commit/4b09209bb605f547243065032a8b37772669745f) + [#13746](https://github.com/npm/npm/pull/13746) + `mississippi@1.2.0` + ([@zkat](https://github.com/zkat)) +* [`b650b39`](https://github.com/npm/npm/commit/b650b39d42654abb9eed1c7cd463b1c595ca2ef9) + [#13746](https://github.com/npm/npm/pull/13746) + `sorted-union-stream@2.1.3` + ([@zkat](https://github.com/zkat)) + +#### SCRIPT NODE PATH (**BREAKING**) + +Thanks to some great work by [@addaleax](https://github.com/addaleax), we've +addressed a fairly tricky issue involving the node process used by `npm +scripts`. + +Previously, npm would prefix the path of the node executable to the script's +`PATH`. This had the benefit of making sure that the node process would be the +same for both npm and `scripts` unless you had something like +[`node-bin`](https://npm.im/node-bin) in your `node_modules`. And it turns out +lots of people relied on this behavior being this way! + +It turns out that this had some unintended consequences: it broke systems like +[`nyc`](https://npm.im/nyc), but also completely broke/defeated things like +[`rvm`](https://rvm.io/) and +[`virtualenv`](https://virtualenv.pypa.io/en/stable/) by often causing things +that relied on them to fall back to the global system versions of ruby and +python. + +In the face of two perfectly valid, and used alternatives, we decided that the +second case was much more surprising for users, and that we should err on the +side of doing what those users expect. Anna put some hard work in and managed to +put together a patch that changes npm's behavior such that we no longer prepend +the node executable's path *by default*, and adds a new option, +`--scripts-prepend-node-path`, to allow users who rely on this behavior to have +it add the node path for them. + +This patch also makes it so this feature is discoverable by people who might run +into the first case above, by warning if the node executable is either missing +or shadowed by another one in `PATH`. This warning can also be disabled with the +`--scripts-prepend-node-path` option as needed. + +* [`3fb1eb3`](https://github.com/npm/npm/commit/3fb1eb3e00b5daf37f14e437d2818e9b65a43392) [`6a7d375`](https://github.com/npm/npm/commit/6a7d375d779ba5416fd5df154c6da673dd745d9d) [`378ae08`](https://github.com/npm/npm/commit/378ae08851882d6d2bc9b631b16b8c875d0b9704) + [#13409](https://github.com/npm/npm/pull/13409) + Add a `--scripts-prepend-node-path` option to configure whether npm prepends + the current node executable's path to `PATH`. + ([@addaleax](https://github.com/addaleax)) +* [`70b352c`](https://github.com/npm/npm/commit/70b352c6db41533b9a4bfaa9d91f7a2a1178f74e) + [#13409](https://github.com/npm/npm/pull/13409) + Change the default behaviour of npm to never prepending the current node + executable’s directory to `PATH` but printing a warning in the cases in which + it previously did. + ([@addaleax](https://github.com/addaleax)) + +#### REMOVE `npat` (**BREAKING**) + +Let's be real here -- almost no one knows this feature ever existed, and it's a +vestigial feature of the days when the ideal for npm was to distribute full +packages that could be directly developed on, even from the registry. + +It turns out the npm community decided to go a different way: primarily +publishing packages in a production-ready format, with no tests, build tools, +etc. And so, we say goodbye to `npat`. + +* [`e16c14a`](https://github.com/npm/npm/commit/e16c14afb6f52cb8b7adf60b2b26427f76773f2e) + [#14329](https://github.com/npm/npm/pull/14329) + Remove the npat feature. + ([@iarna](https://github.com/iarna)) + +#### NEW `prepare` SCRIPT. `prepublish` DEPRECATED (**BREAKING**) + +If there's anything that really seemed to confuse users, it's that the +`prepublish` script ran when invoking `npm install` without any arguments. + +Turns out many, many people really expected that it would only run on `npm +publish`, even if it actually did what most people expected: prepare the package +for publishing on the registry. + +And so, we've added a `prepare` command that runs in the exact same cases where +`prepublish` ran, and we've begun a deprecation cycle for `prepublish` itself +**only when run by `npm install`**, which will now include a warning any time +you use it that way. + +We've also added a `prepublishOnly` script which will execute **only** when `npm +publish` is invoked. Eventually, `prepublish` will stop executing on `npm +install`, and `prepublishOnly` will be removed, leaving `prepare` and +`prepublish` as two distinct lifecycles. + +* [`9b4a227`](https://github.com/npm/npm/commit/9b4a2278cee0a410a107c8ea4d11614731e0a943) [`bc32078`](https://github.com/npm/npm/commit/bc32078fa798acef0e036414cb448645f135b570) + [#14290](https://github.com/npm/npm/pull/14290) + Add `prepare` and `prepublishOnly` lifecyle events. + ([@othiym23](https://github.com/othiym23)) +* [`52fdefd`](https://github.com/npm/npm/commit/52fdefddb48f0c39c6e8eb4c118eb306c9436117) + [#14290](https://github.com/npm/npm/pull/14290) + Warn when running `prepublish` on `npm pack`. + ([@othiym23](https://github.com/othiym23)) +* [`4c2a948`](https://github.com/npm/npm/commit/4c2a9481b564cae3df3f4643766db4b987018a7b) [`a55bd65`](https://github.com/npm/npm/commit/a55bd651284552b93f7d972a2e944f65c1aa6c35) + [#14290](https://github.com/npm/npm/pull/14290) + Added `prepublish` warnings to `npm install`. + ([@zkat](https://github.com/zkat)) +* [`c27412b`](https://github.com/npm/npm/commit/c27412bb9fc7b09f7707c7d9ad23128959ae1abc) + [#14290](https://github.com/npm/npm/pull/14290) + Replace `prepublish` with `prepare` in `npm help package.json` documentation. + ([@zkat](https://github.com/zkat)) + +#### NO MORE PARTIAL SHRINKWRAPS (**BREAKING**) + +That's right. No more partial shrinkwraps. That means that if you have an +`npm-shrinkwrap.json` in your project, npm will no longer install anything that +isn't explicitly listed there, unless it's a `devDependency`. This will open +doors to some nice optimizations and make use of `npm shrinkwrap` just generally +smoother by removing some awful corner cases. We will also skip `devDependency` +installation from `package.json` if you added `devDependencies` to your +shrinkwrap by using `npm shrinkwrap --dev`. + +* [`b7dfae8`](https://github.com/npm/npm/commit/b7dfae8fd4dc0456605f7a921d20a829afd50864) + [#14327](https://github.com/npm/npm/pull/14327) + Use `readShrinkwrap` to read top level shrinkwrap. There's no reason for npm + to be doing its own bespoke heirloom-grade artisanal thing here. + ([@iarna](https://github.com/iarna)) +* [`0ae1f4b`](https://github.com/npm/npm/commit/0ae1f4b9d83af2d093974beb33f26d77fcc95bb9) [`4a54997`](https://github.com/npm/npm/commit/4a549970dc818d78b6de97728af08a1edb5ae7f0) [`f22a1ae`](https://github.com/npm/npm/commit/f22a1ae54b5d47f1a056a6e70868013ebaf66b79) [`3f61189`](https://github.com/npm/npm/commit/3f61189cb3843fee9f54288fefa95ade9cace066) + [#14327](https://github.com/npm/npm/pull/14327) + Treat shrinkwrap as canonical. That is, don't try to fill in for partial + shrinkwraps. Partial shrinkwraps should produce partial installs. If your + shrinkwrap contains NO `devDependencies` then we'll still try to install them + from your `package.json` instead of assuming you NEVER want `devDependencies`. + ([@iarna](https://github.com/iarna)) + +#### `npm tag` REMOVED (**BREAKING**) + +* [`94255da`](https://github.com/npm/npm/commit/94255da8ffc2d9ed6a0434001a643c1ad82fa483) + [#14328](https://github.com/npm/npm/pull/14328) + Remove deprecated tag command. Folks must use the `dist-tag` command from now + on. + ([@iarna](https://github.com/iarna)) + +#### NON-ZERO EXIT CODE ON OUTDATED DEPENDENCIES (**BREAKING**) + +* [`40a04d8`](https://github.com/npm/npm/commit/40a04d888d10a5952d5ca4080f2f5d2339d2038a) [`e2fa18d`](https://github.com/npm/npm/commit/e2fa18d9f7904eb048db7280b40787cb2cdf87b3) [`3ee3948`](https://github.com/npm/npm/commit/3ee39488b74c7d35fbb5c14295e33b5a77578104) [`3fa25d0`](https://github.com/npm/npm/commit/3fa25d02a8ff07c42c595f84ae4821bc9ee908df) + [#14013](https://github.com/npm/npm/pull/14013) + Do `exit 1` if any outdated dependencies are found by `npm outdated`. + ([@watilde](https://github.com/watilde)) +* [`c81838a`](https://github.com/npm/npm/commit/c81838ae96b253f4b1ac66af619317a3a9da418e) + [#14013](https://github.com/npm/npm/pull/14013) + Log non-zero exit codes at `verbose` level -- this isn't something command + line tools tend to do. It's generally the shell's job to display, if at all. + ([@zkat](https://github.com/zkat)) + +#### SEND EXTRA HEADERS TO REGISTRY + +For the purposes of supporting shiny new registry features, we've started +sending `Npm-Scope` and `Npm-In-CI` headers in outgoing requests. + +* [`846f61c`](https://github.com/npm/npm/commit/846f61c1dd4a033f77aa736ab01c27ae6724fe1c) + [npm/npm-registry-client#145](https://github.com/npm/npm-registry-client/pull/145) + [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/147) + `npm-registry-client@7.3.0`: + * Allow npm to add headers to outgoing requests. + * Add `Npm-In-CI` header that reports whether we're running in CI. + ([@iarna](https://github.com/iarna)) +* [`6b6bb08`](https://github.com/npm/npm/commit/6b6bb08af661221224a81df8adb0b72019ca3e11) + [#14129](https://github.com/npm/npm/pull/14129) + Send `Npm-Scope` header along with requests to registry. `Npm-Scope` is set to + the `@scope` of the current top level project. This will allow registries to + implement user/scope-aware features and services. + ([@iarna](https://github.com/iarna)) +* [`506de80`](https://github.com/npm/npm/commit/506de80dc0a0576ec2aab0ed8dc3eef3c1dabc23) + [#14129](https://github.com/npm/npm/pull/14129) + Add test to ensure `Npm-In-CI` header is being sent when CI is set in env. + ([@iarna](https://github.com/iarna)) + +#### BUGFIXES + +* [`bc84012`](https://github.com/npm/npm/commit/bc84012c2c615024b08868acbd8df53a7ca8d146) + [#14117](https://github.com/npm/npm/pull/14117) + Fixes a bug where installing a shrinkwrapped package would fail if the + platform failed to install an optional dependency included in the shrinkwrap. + ([@watilde](https://github.com/watilde)) +* [`a40b32d`](https://github.com/npm/npm/commit/a40b32dc7fe18f007a672219a12d6fecef800f9d) + [#13519](https://github.com/npm/npm/pull/13519) + If a package has malformed metadata, `node.requiredBy` is sometimes missing. + Stop crashing when that happens. + ([@creationix](https://github.com/creationix)) + +#### OTHER PATCHES + +* [`643dae2`](https://github.com/npm/npm/commit/643dae2197c56f1c725ecc6539786bf82962d0fe) + [#14244](https://github.com/npm/npm/pull/14244) + Remove some ancient aliases that we'd rather not have around. + ([@zkat](https://github.com/zkat)) +* [`bdeac3e`](https://github.com/npm/npm/commit/bdeac3e0fb226e4777d4be5cd3c3bec8231c8044) + [#14230](https://github.com/npm/npm/pull/14230) + Detect unsupported Node.js versions and warn about it. Also error on really + old versions where we know we can't work. + ([@iarna](https://github.com/iarna)) + +#### DOC UPDATES + +* [`9ca18ad`](https://github.com/npm/npm/commit/9ca18ada7cc1c10b2d32bbb59d5a99dd1c743109) + [#13746](https://github.com/npm/npm/pull/13746) + Updated docs for `npm search` options. + ([@zkat](https://github.com/zkat)) +* [`e02a47f`](https://github.com/npm/npm/commit/e02a47f9698ff082488dc2b1738afabb0912793e) + Move the `npm@3` changelog into the archived changelogs directory. + ([@zkat](https://github.com/zkat)) +* [`c12bbf8`](https://github.com/npm/npm/commit/c12bbf8c5a5dff24a191b66ac638f552bfb76601) + [#14290](https://github.com/npm/npm/pull/14290) + Document prepublish-on-install deprecation. + ([@othiym23](https://github.com/othiym23)) +* [`c246a75`](https://github.com/npm/npm/commit/c246a75ac8697f4ca11d316b7e7db5f24af7972b) + [#14129](https://github.com/npm/npm/pull/14129) + Document headers added by npm to outgoing registry requests. + ([@iarna](https://github.com/iarna)) + +#### DEPENDENCIES + +* [`cb20c73`](https://github.com/npm/npm/commit/cb20c7373a32daaccba2c1ad32d0b7e1fc01a681) + [#13953](https://github.com/npm/npm/pull/13953) + `signal-exit@3.0.1` + ([@benjamincoe](https://github.com/benjamincoe)) diff --git a/deps/npm/doc/cli/npm-cache.md b/deps/npm/doc/cli/npm-cache.md index ea8cb1b991..92a6236c0c 100644 --- a/deps/npm/doc/cli/npm-cache.md +++ b/deps/npm/doc/cli/npm-cache.md @@ -8,11 +8,11 @@ npm-cache(1) -- Manipulates packages cache npm cache add <tarball url> npm cache add <name>@<version> - npm cache ls [<path>] - npm cache clean [<path>] aliases: npm cache clear, npm cache rm + npm cache verify + ## DESCRIPTION Used to add, list, or clean the npm cache folder. @@ -22,35 +22,45 @@ Used to add, list, or clean the npm cache folder. intended to be used internally by npm, but it can provide a way to add data to the local installation cache explicitly. -* ls: - Show the data in the cache. Argument is a path to show in the cache - folder. Works a bit like the `find` program, but limited by the - `depth` config. - * clean: - Delete data out of the cache folder. If an argument is provided, then - it specifies a subpath to delete. If no argument is provided, then - the entire cache is deleted. + Delete all data out of the cache folder. + +* verify: + Verify the contents of the cache folder, garbage collecting any unneeded data, + and verifying the integrity of the cache index and all cached data. ## DETAILS -npm stores cache data in the directory specified in `npm config get cache`. -For each package that is added to the cache, three pieces of information are -stored in `{cache}/{name}/{version}`: +npm stores cache data in an opaque directory within the configured `cache`, +named `_cacache`. This directory is a `cacache`-based content-addressable cache +that stores all http request data as well as other package-related data. This +directory is primarily accessed through `pacote`, the library responsible for +all package fetching as of npm@5. + +All data that passes through the cache is fully verified for integrity on both +insertion and extraction. Cache corruption will either trigger an error, or +signal to `pacote` that the data must be refetched, which it will do +automatically. For this reason, it should never be necessary to clear the cache +for any reason other than reclaiming disk space, thus why `clean` now requires +`--force` to run. + +There is currently no method exposed through npm to inspect or directly manage +the contents of this cache. In order to access it, `cacache` must be used +directly. + +npm will not remove data by itself: the cache will grow as new packages are +installed. -* .../package/package.json: - The package.json file, as npm sees it. -* .../package.tgz: - The tarball for that version. +## A NOTE ABOUT THE CACHE'S DESIGN -Additionally, whenever a registry request is made, a `.cache.json` file -is placed at the corresponding URI, to store the ETag and the requested -data. This is stored in `{cache}/{hostname}/{path}/.cache.json`. +The npm cache is strictly a cache: it should not be relied upon as a persistent +and reliable data store for package data. npm makes no guarantee that a +previously-cached piece of data will be available later, and will automatically +delete corrupted contents. The primary guarantee that the cache makes is that, +if it does return data, that data will be exactly the data that was inserted. -Commands that make non-essential registry requests (such as `search` and -`view`, or the completion scripts) generally specify a minimum timeout. -If the `.cache.json` file is younger than the specified timeout, then -they do not make an HTTP request to the registry. +To run an offline verification of existing cache contents, use `npm cache +verify`. ## CONFIGURATION @@ -69,3 +79,5 @@ The root cache folder. * npm-install(1) * npm-publish(1) * npm-pack(1) +* https://npm.im/cacache +* https://npm.im/pacote diff --git a/deps/npm/doc/cli/npm-install.md b/deps/npm/doc/cli/npm-install.md index 6a37fcc76b..44cb68792b 100644 --- a/deps/npm/doc/cli/npm-install.md +++ b/deps/npm/doc/cli/npm-install.md @@ -8,18 +8,21 @@ npm-install(1) -- Install a package npm install [<@scope>/]<name>@<tag> npm install [<@scope>/]<name>@<version> npm install [<@scope>/]<name>@<version range> + npm install <git-host>:<git-user>/<repo-name> + npm install <git repo url> npm install <tarball file> npm install <tarball url> npm install <folder> alias: npm i - common options: [-S|--save|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--dry-run] + common options: [-P|--save-prod|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--no-save] [--dry-run] ## DESCRIPTION This command installs a package, and any packages that it depends on. If the -package has a shrinkwrap file, the installation of dependencies will be driven -by that. See npm-shrinkwrap(1). +package has a package-lock or shrinkwrap file, the installation of dependencies +will be driven by that, with an `npm-shrinkwrap.json` taking precedence if both +files exist. See package-lock.json(5) and npm-shrinkwrap(1). A `package` is: @@ -54,13 +57,17 @@ after packing it up into a tarball (b). * `npm install <folder>`: - Install a package that is sitting in a folder on the filesystem. + Install the package in the directory as a symlink in the current project. + Its dependencies will be installed before it's linked. If `<folder>` sits + inside the root of your project, its dependencies may be hoisted to the + toplevel `node_modules` as they would for other types of dependencies. * `npm install <tarball file>`: Install a package that is sitting on the filesystem. Note: if you just want to link a dev directory into your npm root, you can do this more easily by - using `npm link`. + using `npm link`. The filename *must* use `.tar`, `.tar.gz`, or `.tgz` as + the extension. Example: @@ -75,27 +82,31 @@ after packing it up into a tarball (b). npm install https://github.com/indexzero/forever/tarball/v0.5.6 -* `npm install [<@scope>/]<name> [-S|--save|-D|--save-dev|-O|--save-optional]`: +* `npm install [<@scope>/]<name>`: Do a `<name>@<tag>` install, where `<tag>` is the "tag" config. (See `npm-config(7)`. The config's default value is `latest`.) - In most cases, this will install the latest version - of the module published on npm. + In most cases, this will install the version of the modules tagged as + `latest` on the npm registry. Example: npm install sax - `npm install` takes 3 exclusive, optional flags which save or update - the package version in your main package.json: + `npm install` saves any specified packages into `dependencies` by default. + Additionally, you can control where and how they get saved with some + additional flags: - * `-S, --save`: Package will appear in your `dependencies`. + * `-P, --save-prod`: Package will appear in your `dependencies`. This is the + default unless `-D` or `-O` are present. * `-D, --save-dev`: Package will appear in your `devDependencies`. * `-O, --save-optional`: Package will appear in your `optionalDependencies`. + * `--no-save`: Prevents saving to `dependencies`. + When using any of the above options to save dependencies to your package.json, there are two additional, optional flags: @@ -105,8 +116,8 @@ after packing it up into a tarball (b). * `-B, --save-bundle`: Saved dependencies will also be added to your `bundleDependencies` list. - Further, if you have an `npm-shrinkwrap.json` then it will be updated as - well. + Further, if you have an `npm-shrinkwrap.json` or `package-lock.json` then it + will be updated as well. `<scope>` is optional. The package will be downloaded from the registry associated with the specified scope. If no registry is associated with @@ -118,13 +129,13 @@ after packing it up into a tarball (b). Examples: - npm install sax --save + npm install sax npm install githubname/reponame npm install @myorg/privatepackage npm install node-tap --save-dev npm install dtrace-provider --save-optional - npm install readable-stream --save --save-exact - npm install ansi-regex --save --save-bundle + npm install readable-stream --save-exact + npm install ansi-regex --save-bundle **Note**: If there is a file or folder named `<name>` in the current @@ -167,20 +178,30 @@ after packing it up into a tarball (b). * `npm install <git remote url>`: - Installs the package from the hosted git provider, cloning it with - `git`. First it tries via the https (git with github) and if that fails, via ssh. + Installs the package from the hosted git provider, cloning it with `git`. + For a full git remote url, only that URL will be attempted. + + <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish> | #semver:<semver>] + + `<protocol>` is one of `git`, `git+ssh`, `git+http`, `git+https`, or + `git+file`. - <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish>] + If `#<commit-ish>` is provided, it will be used to clone exactly that + commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is + specified, then `master` is used. - `<protocol>` is one of `git`, `git+ssh`, `git+http`, `git+https`, - or `git+file`. - If no `<commit-ish>` is specified, then `master` is used. + If the repository makes use of submodules, those submodules will be cloned + as well. - If the repository makes use of submodules, those submodules will - be cloned as well. + If the package being installed contains a `prepare` script, its + `dependencies` and `devDependencies` will be installed, and the prepare + script will be run, before the package is packaged and installed. - The following git environment variables are recognized by npm and will be added - to the environment when running git: + The following git environment variables are recognized by npm and will be + added to the environment when running git: * `GIT_ASKPASS` * `GIT_EXEC_PATH` @@ -195,6 +216,7 @@ after packing it up into a tarball (b). Examples: npm install git+ssh://git@github.com:npm/npm.git#v1.0.27 + npm install git+ssh://git@github.com:npm/npm#semver:^5.0 npm install git+https://isaacs@github.com/npm/npm.git npm install git://github.com/npm/npm.git#v1.0.27 GIT_SSH_COMMAND='ssh -i ~/.ssh/custom_ident' npm install git+ssh://git@github.com:npm/npm.git @@ -205,20 +227,31 @@ after packing it up into a tarball (b). Install the package at `https://github.com/githubname/githubrepo` by attempting to clone it using `git`. - If you don't specify a *commit-ish* then `master` will be used. + If `#<commit-ish>` is provided, it will be used to clone exactly that + commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is + specified, then `master` is used. + + As with regular git dependencies, `dependencies` and `devDependencies` will + be installed if the package has a `prepare` script, before the package is + done installing. Examples: npm install mygithubuser/myproject npm install github:mygithubuser/myproject -* `npm install gist:[<githubname>/]<gistID>[#<commit-ish>]`: +* `npm install gist:[<githubname>/]<gistID>[#<commit-ish>|#semver:<semver>]`: Install the package at `https://gist.github.com/gistID` by attempting to clone it using `git`. The GitHub username associated with the gist is - optional and will not be saved in `package.json` if `-S` or `--save` is used. + optional and will not be saved in `package.json`. - If you don't specify a *commit-ish* then `master` will be used. + As with regular git dependencies, `dependencies` and `devDependencies` will + be installed if the package has a `prepare` script, before the package is + done installing. Example: @@ -229,7 +262,16 @@ after packing it up into a tarball (b). Install the package at `https://bitbucket.org/bitbucketname/bitbucketrepo` by attempting to clone it using `git`. - If you don't specify a *commit-ish* then `master` will be used. + If `#<commit-ish>` is provided, it will be used to clone exactly that + commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is + specified, then `master` is used. + + As with regular git dependencies, `dependencies` and `devDependencies` will + be installed if the package has a `prepare` script, before the package is + done installing. Example: @@ -240,11 +282,21 @@ after packing it up into a tarball (b). Install the package at `https://gitlab.com/gitlabname/gitlabrepo` by attempting to clone it using `git`. - If you don't specify a *commit-ish* then `master` will be used. + If `#<commit-ish>` is provided, it will be used to clone exactly that + commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is + specified, then `master` is used. + + As with regular git dependencies, `dependencies` and `devDependencies` will + be installed if the package has a `prepare` script, before the package is + done installing. Example: npm install gitlab:mygitlabuser/myproject + npm install gitlab:myusr/myproj#semver:^5.0 You may combine multiple arguments, and even multiple types of arguments. For example: @@ -272,7 +324,7 @@ global `node_modules` folder. Only your direct dependencies will show in `node_modules` and everything they depend on will be flattened in their `node_modules` folders. This obviously will eliminate some deduping. -The `--ignore-scripts` argument will cause npm to not execute any +The `--ignore-scripts` argument will cause npm to not execute any scripts defined in the package.json. See `npm-scripts(7)`. The `--legacy-bundling` argument will cause npm to install the package such @@ -289,7 +341,7 @@ The `--no-optional` argument will prevent optional dependencies from being installed. The `--no-shrinkwrap` argument, which will ignore an available -shrinkwrap file and use the package.json instead. +package lock or shrinkwrap file and use the package.json instead. The `--nodedir=/path/to/node/source` argument will allow npm to find the node source code so that npm can compile native modules. @@ -336,7 +388,9 @@ For `A{B,C}, B{C,D@1}, C{D@2}`, this algorithm produces: +-- D@1 Because B's D@1 will be installed in the top level, C now has to install D@2 -privately for itself. +privately for itself. This algorithm is deterministic, but different trees may +be produced if two dependencies are requested for installation in a different +order. See npm-folders(5) for a more detailed description of the specific folder structures that npm creates. diff --git a/deps/npm/doc/cli/npm-publish.md b/deps/npm/doc/cli/npm-publish.md index caf1fd2430..892786b61d 100644 --- a/deps/npm/doc/cli/npm-publish.md +++ b/deps/npm/doc/cli/npm-publish.md @@ -48,6 +48,10 @@ Once a package is published with a given name and version, that specific name and version combination can never be used again, even if it is removed with npm-unpublish(1). +As of `npm@5`, both a sha1sum and an integrity field with a sha512sum of the +tarball will be submitted to the registry during publication. Subsequent +installs will use the strongest supported algorithm to verify downloads. + For a "dry run" that does everything except actually publishing to the registry, see `npm-pack(1)`, which figures out the files to be included and packs them into a tarball to be uploaded to the registry. diff --git a/deps/npm/doc/cli/npm-shrinkwrap.md b/deps/npm/doc/cli/npm-shrinkwrap.md index ae04bd02bb..4c223a86cc 100644 --- a/deps/npm/doc/cli/npm-shrinkwrap.md +++ b/deps/npm/doc/cli/npm-shrinkwrap.md @@ -1,4 +1,4 @@ -npm-shrinkwrap(1) -- Lock down dependency versions +npm-shrinkwrap(1) -- Lock down dependency versions for publication ===================================================== ## SYNOPSIS @@ -7,181 +7,11 @@ npm-shrinkwrap(1) -- Lock down dependency versions ## DESCRIPTION -This command locks down the versions of a package's dependencies so -that you can control exactly which versions of each dependency will be -used when your package is installed. The `package.json` file is still -required if you want to use `npm install`. - -By default, `npm install` recursively installs the target's -dependencies (as specified in `package.json`), choosing the latest -available version that satisfies the dependency's semver pattern. In -some situations, particularly when shipping software where each change -is tightly managed, it's desirable to fully specify each version of -each dependency recursively so that subsequent builds and deploys do -not inadvertently pick up newer versions of a dependency that satisfy -the semver pattern. Specifying specific semver patterns in each -dependency's `package.json` would facilitate this, but that's not always -possible or desirable, as when another author owns the npm package. -It's also possible to check dependencies directly into source control, -but that may be undesirable for other reasons. - -As an example, consider package A: - - { - "name": "A", - "version": "0.1.0", - "dependencies": { - "B": "<0.1.0" - } - } - -package B: - - { - "name": "B", - "version": "0.0.1", - "dependencies": { - "C": "<0.1.0" - } - } - -and package C: - - { - "name": "C", - "version": "0.0.1" - } - -If these are the only versions of A, B, and C available in the -registry, then a normal `npm install A` will install: - - A@0.1.0 - `-- B@0.0.1 - `-- C@0.0.1 - -However, if B@0.0.2 is published, then a fresh `npm install A` will -install: - - A@0.1.0 - `-- B@0.0.2 - `-- C@0.0.1 - -assuming the new version did not modify B's dependencies. Of course, -the new version of B could include a new version of C and any number -of new dependencies. If such changes are undesirable, the author of A -could specify a dependency on B@0.0.1. However, if A's author and B's -author are not the same person, there's no way for A's author to say -that he or she does not want to pull in newly published versions of C -when B hasn't changed at all. - -In this case, A's author can run - - npm shrinkwrap - -This generates `npm-shrinkwrap.json`, which will look something like this: - - { - "name": "A", - "version": "0.1.0", - "dependencies": { - "B": { - "version": "0.0.1", - "from": "B@^0.0.1", - "resolved": "https://registry.npmjs.org/B/-/B-0.0.1.tgz", - "dependencies": { - "C": { - "version": "0.0.1", - "from": "org/C#v0.0.1", - "resolved": "git://github.com/org/C.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4" - } - } - } - } - } - -The shrinkwrap command has locked down the dependencies based on what's -currently installed in `node_modules`. The installation behavior is changed to: - -1. The module tree described by the shrinkwrap is reproduced. This means -reproducing the structure described in the file, using the specific files -referenced in "resolved" if available, falling back to normal package -resolution using "version" if one isn't. - -2. The tree is walked and any missing dependencies are installed in the usual fashion. - -If `preshrinkwrap`, `shrinkwrap` or `postshrinkwrap` are in the `scripts` property of the -`package.json`, they will be executed by running `npm shrinkwrap`. -`preshrinkwrap` and `shrinkwrap` are executed before the shrinkwrap, `postshrinkwrap` is -executed afterwards. For example to run some postprocessing on the generated file: - - "scripts": { "postshrinkwrap": "node fix-shrinkwrap.js" } - - -### Using shrinkwrapped packages - -Using a shrinkwrapped package is no different than using any other -package: you can `npm install` it by hand, or add a dependency to your -`package.json` file and `npm install` it. - -### Building shrinkwrapped packages - -To shrinkwrap an existing package: - -1. Run `npm install` in the package root to install the current - versions of all dependencies. -2. Validate that the package works as expected with these versions. -3. Run `npm shrinkwrap`, add `npm-shrinkwrap.json` to git, and publish - your package. - -To add or update a dependency in a shrinkwrapped package: - -1. Run `npm install` in the package root to install the current - versions of all dependencies. -2. Add or update dependencies. `npm install --save` or `npm install --save-dev` - each new or updated package individually to update the `package.json` and - the shrinkwrap. Note that they must be explicitly named in order to be - installed: running `npm install` with no arguments will merely reproduce - the existing shrinkwrap. -3. Validate that the package works as expected with the new - dependencies. -4. Commit the new `npm-shrinkwrap.json`, and publish your package. - -You can use npm-outdated(1) to view dependencies with newer versions -available. - -### Other Notes - -A shrinkwrap file must be consistent with the package's `package.json` -file. `npm shrinkwrap` will fail if required dependencies are not -already installed, since that would result in a shrinkwrap that -wouldn't actually work. Similarly, the command will fail if there are -extraneous packages (not referenced by `package.json`), since that would -indicate that `package.json` is not correct. - -Starting with npm v4.0.1, `devDependencies` are included when you run -`npm shrinkwrap` and follow the usual rules as to when they're installed. -As of npm v3.10.8, if you run `npm install --only=production` or -`npm install --production` with a shrinkwrap including your development -dependencies they won't be installed. Similarly, if the environment -variable `NODE_ENV` is `production` then they won't be installed. If you -need compatibility with versions of npm prior to v3.10.8 or otherwise -don't want them in your shrinkwrap you can exclude development -dependencies with: -`npm shrinkwrap --only=prod` or `npm shrinkwrap --production`. - -If shrinkwrapped package A depends on shrinkwrapped package B, B's -shrinkwrap will not be used as part of the installation of A. However, -because A's shrinkwrap is constructed from a valid installation of B -and recursively specifies all dependencies, the contents of B's -shrinkwrap will implicitly be included in A's shrinkwrap. - -### Caveats - -If you wish to lock down the specific bytes included in a package, for -example to have 100% confidence in being able to reproduce a -deployment or build, then you ought to check your dependencies into -source control, or pursue some other mechanism that can verify -contents rather than versions. +This command repurposes `package-lock.json` into a publishable +`npm-shrinkwrap.json` or simply creates a new one. The file created and updated +by this command will then take precedence over any other existing or future +`package-lock.json` files. For a detailed explanation of the design and purpose +of package locks in npm, see npm-package-locks(5). ## SEE ALSO @@ -189,4 +19,7 @@ contents rather than versions. * npm-run-script(1) * npm-scripts(7) * package.json(5) +* npm-package-locks(5) +* package-lock.json(5) +* npm-shrinkwrap.json(5) * npm-ls(1) diff --git a/deps/npm/doc/files/npm-package-locks.md b/deps/npm/doc/files/npm-package-locks.md new file mode 100644 index 0000000000..73786dc91a --- /dev/null +++ b/deps/npm/doc/files/npm-package-locks.md @@ -0,0 +1,145 @@ +npm-package-locks(5) -- An explanation of npm lockfiles +===================================================== + +## DESCRIPTION + +Conceptually, the "input" to npm-install(1) is a package.json(5), while its +"output" is a fully-formed `node_modules` tree: a representation of the +dependencies you declared. In an ideal world, npm would work like a pure +function: the same `package.json` should produce the exact same `node_modules` +tree, any time. In some cases, this is indeed true. But in many others, npm is +unable to do this. There are multiple reasons for this: + +* different versions of npm (or other package managers) may have been used to install a package, each using slightly different installation algorithms. + +* a new version of a direct semver-range package may have been published since the last time your packages were installed, and thus a newer version will be used. + +* A dependency of one of your dependencies may have published a new version, which will update even if you used pinned dependency specifiers (`1.2.3` instead of `^1.2.3`) + +* The registry you installed from is no longer available, or allows mutation of versions (unlike the primary npm registry), and a different version of a package exists under the same version number now. + +As an example, consider package A: + + { + "name": "A", + "version": "0.1.0", + "dependencies": { + "B": "<0.1.0" + } + } + +package B: + + { + "name": "B", + "version": "0.0.1", + "dependencies": { + "C": "<0.1.0" + } + } + +and package C: + + { + "name": "C", + "version": "0.0.1" + } + +If these are the only versions of A, B, and C available in the +registry, then a normal `npm install A` will install: + + A@0.1.0 + `-- B@0.0.1 + `-- C@0.0.1 + +However, if B@0.0.2 is published, then a fresh `npm install A` will +install: + + A@0.1.0 + `-- B@0.0.2 + `-- C@0.0.1 + +assuming the new version did not modify B's dependencies. Of course, +the new version of B could include a new version of C and any number +of new dependencies. If such changes are undesirable, the author of A +could specify a dependency on B@0.0.1. However, if A's author and B's +author are not the same person, there's no way for A's author to say +that he or she does not want to pull in newly published versions of C +when B hasn't changed at all. + +To prevent this potential issue, npm uses package-lock.json(5) or, if present, +npm-shrinkwrap.json(5). These files are called package locks, or lockfiles. + +Whenever you run `npm install`, npm generates or updates your package lock, +which will look something like this: + + { + "name": "A", + "version": "0.1.0", + ...metadata fields... + "dependencies": { + "B": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/B/-/B-0.0.1.tgz", + "integrity": "sha512-DeAdb33F+" + "dependencies": { + "C": { + "version": "git://github.com/org/C.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4" + } + } + } + } + } + +This file describes an *exact*, and more importantly *reproducible* +`node_modules` tree. Once it's present, and future installation will base its +work off this file, instead of recalculating dependency versions off +package.json(5). + +The presence of a package lock changes the installation behavior such that: + +1. The module tree described by the package lock is reproduced. This means +reproducing the structure described in the file, using the specific files +referenced in "resolved" if available, falling back to normal package resolution +using "version" if one isn't. + +2. The tree is walked and any missing dependencies are installed in the usual +fashion. + +If `preshrinkwrap`, `shrinkwrap` or `postshrinkwrap` are in the `scripts` +property of the `package.json`, they will be executed in order. `preshrinkwrap` +and `shrinkwrap` are executed before the shrinkwrap, `postshrinkwrap` is +executed afterwards. These scripts run for both `package-lock.json` and +`npm-shrinkwrap.json`. For example to run some postprocessing on the generated +file: + + "scripts": { + "postshrinkwrap": "json -I -e \"this.myMetadata = $MY_APP_METADATA\"" + } + + +### Using locked packages + +Using a locked package is no different than using any package without a package +lock: any commands that update `node_modules` and/or `package.json`'s +dependencies will automatically sync the existing lockfile. This includes `npm +install`, `npm rm`, `npm update`, etc. To prevent this update from happening, +you can use the `--no-save` option to prevent saving altogether, or +`--no-shrinkwrap` to allow `package.json` to be updated while leaving +`package-lock.json` or `npm-shrinkwrap.json` intact. + +It is highly recommended you commit the generated package lock to source +control: this will allow anyone else on your team, your deployments, your +CI/continuous integration, and anyone else who runs `npm install` in your +package source to get the exact same dependency tree that you were developing +on. Additionally, the diffs from these changes are human-readable and will +inform you of any changes npm has made to your `node_modules`, so you can notice +if any transitive dependencies were updated, hoisted, etc. + +## SEE ALSO + +* https://medium.com/@sdboyer/so-you-want-to-write-a-package-manager-4ae9c17d9527 +* package.json(5) +* package-lock.json(5) +* npm-shrinkwrap.json(5) +* npm-shrinkwrap(1) diff --git a/deps/npm/doc/files/npm-shrinkwrap.json.md b/deps/npm/doc/files/npm-shrinkwrap.json.md new file mode 100644 index 0000000000..8256398e86 --- /dev/null +++ b/deps/npm/doc/files/npm-shrinkwrap.json.md @@ -0,0 +1,27 @@ +npm-shrinkwrap.json(5) -- A publishable lockfile +===================================================== + +## DESCRIPTION + +`npm-shrinkwrap.json` is a file created by npm-shrinkwrap(1). It is identical to +`package-lock.json`, with one major caveat: Unlike `package-lock.json`, +`npm-shrinwkrap.json` may be included when publishing a package. + +The recommended use-case for `npm-shrinkwrap.json` is applications deployed +through the publishing process on the registry: for example, daemons and +command-line tools intended as global installs or `devDependencies`. It's +strongly discouraged for library authors to publish this file, since that would +prevent end users from having control over transitive dependency updates. + +Additionally, if both `package-lock.json` and `npm-shrinwkrap.json` are present +in a package root, `package-lock.json` will be ignored in favor of this file. + +For full details and description of the `npm-shrinkwrap.json` file format, refer +to the manual page for package-lock.json(5). + +## SEE ALSO + +* npm-shrinkwrap(1) +* package-lock.json(5) +* package.json(5) +* npm-install(1) diff --git a/deps/npm/doc/files/package-lock.json.md b/deps/npm/doc/files/package-lock.json.md new file mode 100644 index 0000000000..dad219b4a1 --- /dev/null +++ b/deps/npm/doc/files/package-lock.json.md @@ -0,0 +1,132 @@ +package-lock.json(5) -- A manifestation of the manifest +===================================================== + +## DESCRIPTION + +`package-lock.json` is automatically generated for any operations where npm +modifies either the `node_modules` tree, or `package.json`. It describes the +exact tree that was generated, such that subsequent installs are able to +generate identical trees, regardless of intermediate dependency updates. + +This file is intended to be committed into source repositories, and serves +various purposes: + +* Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies. + +* Provide a facility for users to "time-travel" to previous states of `node_modules` without having to commit the directory itself. + +* To facilitate greater visibility of tree changes through readable source control diffs. + +* And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages. + +One key detail about `package-lock.json` is that it cannot be published, and it +will be ignored if found in any place other than the toplevel package. It shares +a format with npm-shrinkwrap.json(5), which is essentially the same file, but +allows publication. This is not recommended unless deploying a CLI tool or +otherwise using the publication process for producing production packages. + +If both `package-lock.json` and `npm-shrinkwrap.json` are present in the root of +a package, `package-lock.json` will be completely ignored. + + +## FILE FORMAT + +### name + +The name of the package this is a package-lock for. This must match what's in +`package.json`. + +### version + +The version of the package this is a package-lock for. This must match what's in +`package.json`. + +### lockfileVersion + +An integer version, starting at `1` with the version number of this document +whose semantics were used when generating this `package-lock.json`. + +### packageIntegrity + +This is a [subresource +integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) value +created from the `pacakge.json`. No preprocessing of the `package.json` should +be done. Subresource integrity strings can be produced by modules like +[`ssri`](https://www.npmjs.com/package/ssri). + +### preserveSymlinks + +Indicates that the install was done with the environment variable +`NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of +this property match that environment variable. + +### dependencies + +A mapping of package name to dependency object. Dependency objects have the +following properties: + +#### version + +This is a specifier that uniquely identifies this package and should be +usable in fetching a new copy of it. + +* bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes. +* registry sources: This is a version number. (eg, `1.2.3`) +* git sources: This is a git specifier with resolved committish. (eg, `git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e`) +* http tarball sources: This is the URL of the tarball. (eg, `https://example.com/example-1.3.0.tgz`) +* local tarball sources: This is the file URL of the tarball. (eg `file:///opt/storage/example-1.3.0.tgz`) +* local link sources: This is the file URL of the link. (eg `file:libs/our-module`) + +#### integrity + +This is a [Standard Subresource +Integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) for this +resource. + +* For bundled dependencies this is not included, regardless of source. +* For registry sources, this is the `integrity` that the registry provided, or if one wasn't provided the SHA1 in `shasum`. +* For git sources this is the specific commit hash we cloned from. +* For remote tarball sources this is an integrity based on a SHA512 of + the file. +* For local tarball sources: This is an integrity field based on the SHA512 of the file. + +#### resolved + +* For bundled dependencies this is not included, regardless of source. +* For registry sources this is path of the tarball relative to the registry + URL. If the tarball URL isn't on the same server as the registry URL then + this is a complete URL. + +#### bundled + +If true, this is the bundled dependency and will be installed by the parent +module. When installing, this module will be extracted from the parent +module during the extract phase, not installed as a separate dependency. + +#### dev + +If true then this dependency is either a development dependency ONLY of the +top level module or a transitive dependency of one. This is false for +dependencies that are both a development dependency of the top level and a +transitive dependency of a non-development dependency of the top level. + +#### optional + +If true then this dependency is either an optional dependency ONLY of the +top level module or a transitive dependency of one. This is false for +dependencies that are both an optional dependency of the top level and a +transitive dependency of a non-optional dependency of the top level. + +All optional dependencies should be included even if they're uninstallable +on the current platform. + +#### dependencies + +The dependencies of this dependency, exactly as at the top level. + +## SEE ALSO + +* npm-shrinkwrap(1) +* package-lock.json(5) +* package.json(5) +* npm-install(1) diff --git a/deps/npm/doc/misc/npm-config.md b/deps/npm/doc/misc/npm-config.md index 0b7db2e0e5..6fee98a90c 100644 --- a/deps/npm/doc/misc/npm-config.md +++ b/deps/npm/doc/misc/npm-config.md @@ -63,6 +63,7 @@ The following shorthands are parsed on the command-line: * `-f`: `--force` * `-desc`: `--description` * `-S`: `--save` +* `-P`: `--save-prod` * `-D`: `--save-dev` * `-O`: `--save-optional` * `-B`: `--save-bundle` @@ -682,6 +683,16 @@ Attempt to install packages in the `optionalDependencies` object. Note that if these packages fail to install, the overall installation process is not aborted. +### package-lock + +* Default: true +* Type: Boolean + +If set to false, then ignore `package-lock.json` files when installing. This +will also prevent _writing_ `package-lock.json` if `save` is true. + +This option is an alias for `--shrinkwrap`. + ### parseable * Default: false @@ -803,6 +814,17 @@ If a package would be saved at install time by the use of `--save`, When used with the `npm rm` command, it removes it from the bundledDependencies list. +### save-prod + +* Default: false +* Type: Boolean + +Makes sure that a package will be saved into `dependencies` specifically. This +is useful if a package already exists in `devDependencies` or +`optionalDependencies`, but you want to move it to be a production dep. This is +also the default behavior if `--save` is true, and neither `--save-dev` or +`--save-optional` are true. + ### save-dev * Default: false @@ -934,8 +956,10 @@ The shell to run for the `npm explore` command. * Default: true * Type: Boolean -If set to false, then ignore `npm-shrinkwrap.json` files when -installing. +If set to false, then ignore `npm-shrinkwrap.json` files when installing. This +will also prevent _writing_ `npm-shrinkwrap.json` if `save` is true. + +This option is an alias for `--package-lock`. ### sign-git-tag diff --git a/deps/npm/doc/misc/npm-index.md b/deps/npm/doc/misc/npm-index.md index 7569a225c7..ed478d84ad 100644 --- a/deps/npm/doc/misc/npm-index.md +++ b/deps/npm/doc/misc/npm-index.md @@ -163,7 +163,7 @@ Search for packages ### npm-shrinkwrap(1) -Lock down dependency versions +Lock down dependency versions for publication ### npm-star(1) @@ -225,10 +225,22 @@ File system structures npm uses Folder Structures Used by npm +### npm-package-locks(5) + +An explanation of npm lockfiles + +### npm-shrinkwrap.json(5) + +A publishable lockfile + ### npmrc(5) The npm config files +### package-lock.json(5) + +A manifestation of the manifest + ### package.json(5) Specifics of npm's package.json handling diff --git a/deps/npm/doc/misc/npm-scripts.md b/deps/npm/doc/misc/npm-scripts.md index 3f048716de..0e9c3bc6e7 100644 --- a/deps/npm/doc/misc/npm-scripts.md +++ b/deps/npm/doc/misc/npm-scripts.md @@ -7,14 +7,20 @@ npm supports the "scripts" property of the package.json script, for the following scripts: * prepublish: - Run BEFORE the package is published. (Also run on local `npm - install` without any arguments. See below.) + Run BEFORE the package is packed and published, as well as on local `npm + install` without any arguments. (See below) * prepare: - Run both BEFORE the package is published, and on local `npm - install` without any arguments. (See below.) This is run + Run both BEFORE the package is packed and published, and on local `npm + install` without any arguments (See below). This is run AFTER `prepublish`, but BEFORE `prepublishOnly`. * prepublishOnly: - Run BEFORE the package is published. (See below.) + Run BEFORE the package is prepared and packed, ONLY on `npm publish`. (See + below.) +* prepack: + run BEFORE a tarball is packed (on `npm pack`, `npm publish`, and when + installing git dependencies) +* postpack: + Run AFTER the tarball has been generated and moved to its final destination. * publish, postpublish: Run AFTER the package is published. * preinstall: diff --git a/deps/npm/html/doc/README.html b/deps/npm/html/doc/README.html index 088f4f5fdb..eb4f72947d 100644 --- a/deps/npm/html/doc/README.html +++ b/deps/npm/html/doc/README.html @@ -126,5 +126,5 @@ will no doubt tell you to put the output in a gist or email.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer"><a href="../doc/README.html">README</a> — npm@5.0.0-beta.56</p> +<p id="footer"><a href="../doc/README.html">README</a> — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-access.html b/deps/npm/html/doc/cli/npm-access.html index e9010b45d1..f015aacdbc 100644 --- a/deps/npm/html/doc/cli/npm-access.html +++ b/deps/npm/html/doc/cli/npm-access.html @@ -84,5 +84,5 @@ with an HTTP 402 status code (logically enough), unless you use <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-access — npm@5.0.0-beta.56</p> +<p id="footer">npm-access — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-adduser.html b/deps/npm/html/doc/cli/npm-adduser.html index 70a6d56bf7..46385d7295 100644 --- a/deps/npm/html/doc/cli/npm-adduser.html +++ b/deps/npm/html/doc/cli/npm-adduser.html @@ -81,5 +81,5 @@ username/password entry in legacy npm.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-adduser — npm@5.0.0-beta.56</p> +<p id="footer">npm-adduser — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-bin.html b/deps/npm/html/doc/cli/npm-bin.html index 922be47ec5..962a3282d8 100644 --- a/deps/npm/html/doc/cli/npm-bin.html +++ b/deps/npm/html/doc/cli/npm-bin.html @@ -35,5 +35,5 @@ <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-bin — npm@5.0.0-beta.56</p> +<p id="footer">npm-bin — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-bugs.html b/deps/npm/html/doc/cli/npm-bugs.html index 420f373d82..79e11b018e 100644 --- a/deps/npm/html/doc/cli/npm-bugs.html +++ b/deps/npm/html/doc/cli/npm-bugs.html @@ -55,5 +55,5 @@ a <code>package.json</code> in the current folder and use the <code>name</code> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-bugs — npm@5.0.0-beta.56</p> +<p id="footer">npm-bugs — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-build.html b/deps/npm/html/doc/cli/npm-build.html index 0fc55f149c..ba59bba643 100644 --- a/deps/npm/html/doc/cli/npm-build.html +++ b/deps/npm/html/doc/cli/npm-build.html @@ -40,5 +40,5 @@ directly, run:</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-build — npm@5.0.0-beta.56</p> +<p id="footer">npm-build — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-bundle.html b/deps/npm/html/doc/cli/npm-bundle.html index 5971604ba3..8f3510f5b8 100644 --- a/deps/npm/html/doc/cli/npm-bundle.html +++ b/deps/npm/html/doc/cli/npm-bundle.html @@ -31,5 +31,5 @@ install packages into the local space.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-bundle — npm@5.0.0-beta.56</p> +<p id="footer">npm-bundle — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-cache.html b/deps/npm/html/doc/cli/npm-cache.html index 1d78e738c2..fdcf223638 100644 --- a/deps/npm/html/doc/cli/npm-cache.html +++ b/deps/npm/html/doc/cli/npm-cache.html @@ -16,10 +16,10 @@ npm cache add <folder> npm cache add <tarball url> npm cache add <name>@<version> -npm cache ls [<path>] - npm cache clean [<path>] aliases: npm cache clear, npm cache rm + +npm cache verify </code></pre><h2 id="description">DESCRIPTION</h2> <p>Used to add, list, or clean the npm cache folder.</p> <ul> @@ -28,34 +28,39 @@ Add the specified package to the local cache. This command is primarily intended to be used internally by npm, but it can provide a way to add data to the local installation cache explicitly.</p> </li> -<li><p>ls: -Show the data in the cache. Argument is a path to show in the cache -folder. Works a bit like the <code>find</code> program, but limited by the -<code>depth</code> config.</p> -</li> <li><p>clean: -Delete data out of the cache folder. If an argument is provided, then -it specifies a subpath to delete. If no argument is provided, then -the entire cache is deleted.</p> +Delete all data out of the cache folder.</p> +</li> +<li><p>verify: +Verify the contents of the cache folder, garbage collecting any unneeded data, +and verifying the integrity of the cache index and all cached data.</p> </li> </ul> <h2 id="details">DETAILS</h2> -<p>npm stores cache data in the directory specified in <code>npm config get cache</code>. -For each package that is added to the cache, three pieces of information are -stored in <code>{cache}/{name}/{version}</code>:</p> -<ul> -<li>.../package/package.json: -The package.json file, as npm sees it.</li> -<li>.../package.tgz: -The tarball for that version.</li> -</ul> -<p>Additionally, whenever a registry request is made, a <code>.cache.json</code> file -is placed at the corresponding URI, to store the ETag and the requested -data. This is stored in <code>{cache}/{hostname}/{path}/.cache.json</code>.</p> -<p>Commands that make non-essential registry requests (such as <code>search</code> and -<code>view</code>, or the completion scripts) generally specify a minimum timeout. -If the <code>.cache.json</code> file is younger than the specified timeout, then -they do not make an HTTP request to the registry.</p> +<p>npm stores cache data in an opaque directory within the configured <code>cache</code>, +named <code>_cacache</code>. This directory is a <code>cacache</code>-based content-addressable cache +that stores all http request data as well as other package-related data. This +directory is primarily accessed through <code>pacote</code>, the library responsible for +all package fetching as of npm@5.</p> +<p>All data that passes through the cache is fully verified for integrity on both +insertion and extraction. Cache corruption will either trigger an error, or +signal to <code>pacote</code> that the data must be refetched, which it will do +automatically. For this reason, it should never be necessary to clear the cache +for any reason other than reclaiming disk space, thus why <code>clean</code> now requires +<code>--force</code> to run.</p> +<p>There is currently no method exposed through npm to inspect or directly manage +the contents of this cache. In order to access it, <code>cacache</code> must be used +directly.</p> +<p>npm will not remove data by itself: the cache will grow as new packages are +installed.</p> +<h2 id="a-note-about-the-cache-s-design">A NOTE ABOUT THE CACHE'S DESIGN</h2> +<p>The npm cache is strictly a cache: it should not be relied upon as a persistent +and reliable data store for package data. npm makes no guarantee that a +previously-cached piece of data will be available later, and will automatically +delete corrupted contents. The primary guarantee that the cache makes is that, +if it does return data, that data will be exactly the data that was inserted.</p> +<p>To run an offline verification of existing cache contents, use <code>npm cache +verify</code>.</p> <h2 id="configuration">CONFIGURATION</h2> <h3 id="cache">cache</h3> <p>Default: <code>~/.npm</code> on Posix, or <code>%AppData%/npm-cache</code> on Windows.</p> @@ -69,6 +74,8 @@ they do not make an HTTP request to the registry.</p> <li><a href="../cli/npm-install.html">npm-install(1)</a></li> <li><a href="../cli/npm-publish.html">npm-publish(1)</a></li> <li><a href="../cli/npm-pack.html">npm-pack(1)</a></li> +<li><a href="https://npm.im/cacache">https://npm.im/cacache</a></li> +<li><a href="https://npm.im/pacote">https://npm.im/pacote</a></li> </ul> </div> @@ -82,5 +89,5 @@ they do not make an HTTP request to the registry.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-cache — npm@5.0.0-beta.56</p> +<p id="footer">npm-cache — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-completion.html b/deps/npm/html/doc/cli/npm-completion.html index b3515186e0..18d659ea83 100644 --- a/deps/npm/html/doc/cli/npm-completion.html +++ b/deps/npm/html/doc/cli/npm-completion.html @@ -43,5 +43,5 @@ completions based on the arguments.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-completion — npm@5.0.0-beta.56</p> +<p id="footer">npm-completion — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-config.html b/deps/npm/html/doc/cli/npm-config.html index d7a179a749..2ef422bd74 100644 --- a/deps/npm/html/doc/cli/npm-config.html +++ b/deps/npm/html/doc/cli/npm-config.html @@ -67,5 +67,5 @@ global config.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-config — npm@5.0.0-beta.56</p> +<p id="footer">npm-config — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-dedupe.html b/deps/npm/html/doc/cli/npm-dedupe.html index fa1a78e18b..d6ff8ce760 100644 --- a/deps/npm/html/doc/cli/npm-dedupe.html +++ b/deps/npm/html/doc/cli/npm-dedupe.html @@ -61,5 +61,5 @@ result in new modules being installed.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-dedupe — npm@5.0.0-beta.56</p> +<p id="footer">npm-dedupe — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-deprecate.html b/deps/npm/html/doc/cli/npm-deprecate.html index 0fb651b563..6741f7478b 100644 --- a/deps/npm/html/doc/cli/npm-deprecate.html +++ b/deps/npm/html/doc/cli/npm-deprecate.html @@ -38,5 +38,5 @@ something like this:</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-deprecate — npm@5.0.0-beta.56</p> +<p id="footer">npm-deprecate — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-dist-tag.html b/deps/npm/html/doc/cli/npm-dist-tag.html index 41def9b127..8fa52c2b33 100644 --- a/deps/npm/html/doc/cli/npm-dist-tag.html +++ b/deps/npm/html/doc/cli/npm-dist-tag.html @@ -86,5 +86,5 @@ begin with a number or the letter <code>v</code>.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-dist-tag — npm@5.0.0-beta.56</p> +<p id="footer">npm-dist-tag — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-docs.html b/deps/npm/html/doc/cli/npm-docs.html index cbf16bb0d0..530a784ed9 100644 --- a/deps/npm/html/doc/cli/npm-docs.html +++ b/deps/npm/html/doc/cli/npm-docs.html @@ -56,5 +56,5 @@ the current folder and use the <code>name</code> property.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-docs — npm@5.0.0-beta.56</p> +<p id="footer">npm-docs — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-doctor.html b/deps/npm/html/doc/cli/npm-doctor.html index cefa628214..b75fcc5618 100644 --- a/deps/npm/html/doc/cli/npm-doctor.html +++ b/deps/npm/html/doc/cli/npm-doctor.html @@ -103,4 +103,4 @@ cache, you should probably run <code>npm cache clean</code> and reset the cache. <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-doctor — npm@5.0.0-beta.56</p> +<p id="footer">npm-doctor — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-edit.html b/deps/npm/html/doc/cli/npm-edit.html index 784e0fc56c..8860c492ad 100644 --- a/deps/npm/html/doc/cli/npm-edit.html +++ b/deps/npm/html/doc/cli/npm-edit.html @@ -49,5 +49,5 @@ or <code>"notepad"</code> on Windows.</li> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-edit — npm@5.0.0-beta.56</p> +<p id="footer">npm-edit — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-explore.html b/deps/npm/html/doc/cli/npm-explore.html index c25bd194c9..115d43584c 100644 --- a/deps/npm/html/doc/cli/npm-explore.html +++ b/deps/npm/html/doc/cli/npm-explore.html @@ -49,5 +49,5 @@ Windows</li> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-explore — npm@5.0.0-beta.56</p> +<p id="footer">npm-explore — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-help-search.html b/deps/npm/html/doc/cli/npm-help-search.html index 922f1dc2bb..a9cb77652b 100644 --- a/deps/npm/html/doc/cli/npm-help-search.html +++ b/deps/npm/html/doc/cli/npm-help-search.html @@ -45,5 +45,5 @@ where the terms were found in the documentation.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-help-search — npm@5.0.0-beta.56</p> +<p id="footer">npm-help-search — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-help.html b/deps/npm/html/doc/cli/npm-help.html index 1ed1413b35..bd72e9471e 100644 --- a/deps/npm/html/doc/cli/npm-help.html +++ b/deps/npm/html/doc/cli/npm-help.html @@ -50,5 +50,5 @@ matches are equivalent to specifying a topic name.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-help — npm@5.0.0-beta.56</p> +<p id="footer">npm-help — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-init.html b/deps/npm/html/doc/cli/npm-init.html index cae2b1c4c4..6f053ddb1b 100644 --- a/deps/npm/html/doc/cli/npm-init.html +++ b/deps/npm/html/doc/cli/npm-init.html @@ -48,5 +48,5 @@ defaults and not prompt you for any options.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-init — npm@5.0.0-beta.56</p> +<p id="footer">npm-init — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-install-test.html b/deps/npm/html/doc/cli/npm-install-test.html index c8c5bc2d7c..02866f7374 100644 --- a/deps/npm/html/doc/cli/npm-install-test.html +++ b/deps/npm/html/doc/cli/npm-install-test.html @@ -42,5 +42,5 @@ takes exactly the same arguments as <code>npm install</code>.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-install-test — npm@5.0.0-beta.56</p> +<p id="footer">npm-install-test — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-install.html b/deps/npm/html/doc/cli/npm-install.html index 655a7ac69f..55eaabcfd3 100644 --- a/deps/npm/html/doc/cli/npm-install.html +++ b/deps/npm/html/doc/cli/npm-install.html @@ -16,16 +16,19 @@ npm install [<@scope>/]<name> npm install [<@scope>/]<name>@<tag> npm install [<@scope>/]<name>@<version> npm install [<@scope>/]<name>@<version range> +npm install <git-host>:<git-user>/<repo-name> +npm install <git repo url> npm install <tarball file> npm install <tarball url> npm install <folder> alias: npm i -common options: [-S|--save|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--dry-run] +common options: [-P|--save-prod|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--no-save] [--dry-run] </code></pre><h2 id="description">DESCRIPTION</h2> <p>This command installs a package, and any packages that it depends on. If the -package has a shrinkwrap file, the installation of dependencies will be driven -by that. See <a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a>.</p> +package has a package-lock or shrinkwrap file, the installation of dependencies +will be driven by that, with an <code>npm-shrinkwrap.json</code> taking precedence if both +files exist. See <a href="../files/package-lock.json.html">package-lock.json(5)</a> and <a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a>.</p> <p>A <code>package</code> is:</p> <ul> <li>a) a folder containing a program described by a <code><a href="../files/package.json.html">package.json(5)</a></code> file</li> @@ -53,12 +56,16 @@ after packing it up into a tarball (b).</p> <code>devDependencies</code>.</p> </li> <li><p><code>npm install <folder></code>:</p> -<p> Install a package that is sitting in a folder on the filesystem.</p> +<p> Install the package in the directory as a symlink in the current project. + Its dependencies will be installed before it's linked. If <code><folder></code> sits + inside the root of your project, its dependencies may be hoisted to the + toplevel <code>node_modules</code> as they would for other types of dependencies.</p> </li> <li><p><code>npm install <tarball file></code>:</p> <p> Install a package that is sitting on the filesystem. Note: if you just want to link a dev directory into your npm root, you can do this more easily by - using <code>npm link</code>.</p> + using <code>npm link</code>. The filename <em>must</em> use <code>.tar</code>, <code>.tar.gz</code>, or <code>.tgz</code> as + the extension.</p> <p> Example:</p> <pre><code> npm install ./package.tgz </code></pre></li> @@ -68,21 +75,25 @@ after packing it up into a tarball (b).</p> <p> Example:</p> <pre><code> npm install https://github.com/indexzero/forever/tarball/v0.5.6 </code></pre></li> -<li><p><code>npm install [<@scope>/]<name> [-S|--save|-D|--save-dev|-O|--save-optional]</code>:</p> +<li><p><code>npm install [<@scope>/]<name></code>:</p> <p> Do a <code><name>@<tag></code> install, where <code><tag></code> is the "tag" config. (See <code><a href="../misc/npm-config.html">npm-config(7)</a></code>. The config's default value is <code>latest</code>.)</p> -<p> In most cases, this will install the latest version - of the module published on npm.</p> +<p> In most cases, this will install the version of the modules tagged as + <code>latest</code> on the npm registry.</p> <p> Example:</p> <pre><code> npm install sax -</code></pre><p> <code>npm install</code> takes 3 exclusive, optional flags which save or update - the package version in your main package.json:</p> +</code></pre><p> <code>npm install</code> saves any specified packages into <code>dependencies</code> by default. + Additionally, you can control where and how they get saved with some + additional flags:</p> <ul> -<li><p><code>-S, --save</code>: Package will appear in your <code>dependencies</code>.</p> -</li> +<li><p><code>-P, --save-prod</code>: Package will appear in your <code>dependencies</code>. This is the</p> +<pre><code> default unless `-D` or `-O` are present. +</code></pre></li> <li><p><code>-D, --save-dev</code>: Package will appear in your <code>devDependencies</code>.</p> </li> <li><p><code>-O, --save-optional</code>: Package will appear in your <code>optionalDependencies</code>.</p> +</li> +<li><p><code>--no-save</code>: Prevents saving to <code>dependencies</code>.</p> <p>When using any of the above options to save dependencies to your package.json, there are two additional, optional flags:</p> </li> @@ -91,8 +102,8 @@ exact version rather than using npm's default semver range operator.</p> </li> <li><p><code>-B, --save-bundle</code>: Saved dependencies will also be added to your <code>bundleDependencies</code> list.</p> -<p>Further, if you have an <code>npm-shrinkwrap.json</code> then it will be updated as -well.</p> +<p>Further, if you have an <code>npm-shrinkwrap.json</code> or <code>package-lock.json</code> then it +will be updated as well.</p> <p><code><scope></code> is optional. The package will be downloaded from the registry associated with the specified scope. If no registry is associated with the given scope the default registry is assumed. See <code><a href="../misc/npm-scope.html">npm-scope(7)</a></code>.</p> @@ -100,13 +111,13 @@ the given scope the default registry is assumed. See <code><a href="../misc/npm- interpret this as a GitHub repository instead, see below. Scopes names must also be followed by a slash.</p> <p>Examples:</p> -<pre><code>npm install sax --save +<pre><code>npm install sax npm install githubname/reponame npm install @myorg/privatepackage npm install node-tap --save-dev npm install dtrace-provider --save-optional -npm install readable-stream --save --save-exact -npm install ansi-regex --save --save-bundle +npm install readable-stream --save-exact +npm install ansi-regex --save-bundle </code></pre></li> </ul> </li> @@ -140,16 +151,24 @@ fetch the package by name if it is not valid. npm install @myorg/privatepackage@">=0.1.0 <0.2.0" </code></pre></li> <li><p><code>npm install <git remote url></code>:</p> -<p> Installs the package from the hosted git provider, cloning it with - <code>git</code>. First it tries via the https (git with github) and if that fails, via ssh.</p> -<pre><code> <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish>] -</code></pre><p> <code><protocol></code> is one of <code>git</code>, <code>git+ssh</code>, <code>git+http</code>, <code>git+https</code>, - or <code>git+file</code>. - If no <code><commit-ish></code> is specified, then <code>master</code> is used.</p> -<p> If the repository makes use of submodules, those submodules will - be cloned as well.</p> -<p> The following git environment variables are recognized by npm and will be added - to the environment when running git:</p> +<p> Installs the package from the hosted git provider, cloning it with <code>git</code>. + For a full git remote url, only that URL will be attempted.</p> +<pre><code> <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish> | #semver:<semver>] +</code></pre><p> <code><protocol></code> is one of <code>git</code>, <code>git+ssh</code>, <code>git+http</code>, <code>git+https</code>, or + <code>git+file</code>.</p> +<p> If <code>#<commit-ish></code> is provided, it will be used to clone exactly that + commit. If the commit-ish has the format <code>#semver:<semver></code>, <code><semver></code> can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency. If neither <code>#<commit-ish></code> or <code>#semver:<semver></code> is + specified, then <code>master</code> is used.</p> +<p> If the repository makes use of submodules, those submodules will be cloned + as well.</p> +<p> If the package being installed contains a <code>prepare</code> script, its + <code>dependencies</code> and <code>devDependencies</code> will be installed, and the prepare + script will be run, before the package is packaged and installed.</p> +<p> The following git environment variables are recognized by npm and will be + added to the environment when running git:</p> <ul> <li><code>GIT_ASKPASS</code></li> <li><code>GIT_EXEC_PATH</code></li> @@ -161,6 +180,7 @@ fetch the package by name if it is not valid. <p>See the git man page for details.</p> <p>Examples:</p> <pre><code>npm install git+ssh://git@github.com:npm/npm.git#v1.0.27 +npm install git+ssh://git@github.com:npm/npm#semver:^5.0 npm install git+https://isaacs@github.com/npm/npm.git npm install git://github.com/npm/npm.git#v1.0.27 GIT_SSH_COMMAND='ssh -i ~/.ssh/custom_ident' npm install git+ssh://git@github.com:npm/npm.git @@ -172,32 +192,59 @@ GIT_SSH_COMMAND='ssh -i ~/.ssh/custom_ident' npm install git+ssh://git@g <li><p><code>npm install github:<githubname>/<githubrepo>[#<commit-ish>]</code>:</p> <p> Install the package at <code>https://github.com/githubname/githubrepo</code> by attempting to clone it using <code>git</code>.</p> -<p> If you don't specify a <em>commit-ish</em> then <code>master</code> will be used.</p> +<p> If <code>#<commit-ish></code> is provided, it will be used to clone exactly that + commit. If the commit-ish has the format <code>#semver:<semver></code>, <code><semver></code> can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency. If neither <code>#<commit-ish></code> or <code>#semver:<semver></code> is + specified, then <code>master</code> is used.</p> +<p> As with regular git dependencies, <code>dependencies</code> and <code>devDependencies</code> will + be installed if the package has a <code>prepare</code> script, before the package is + done installing.</p> <p> Examples:</p> <pre><code> npm install mygithubuser/myproject npm install github:mygithubuser/myproject </code></pre></li> -<li><p><code>npm install gist:[<githubname>/]<gistID>[#<commit-ish>]</code>:</p> +<li><p><code>npm install gist:[<githubname>/]<gistID>[#<commit-ish>|#semver:<semver>]</code>:</p> <p> Install the package at <code>https://gist.github.com/gistID</code> by attempting to clone it using <code>git</code>. The GitHub username associated with the gist is - optional and will not be saved in <code>package.json</code> if <code>-S</code> or <code>--save</code> is used.</p> -<p> If you don't specify a <em>commit-ish</em> then <code>master</code> will be used.</p> + optional and will not be saved in <code>package.json</code>.</p> +<p> As with regular git dependencies, <code>dependencies</code> and <code>devDependencies</code> will + be installed if the package has a <code>prepare</code> script, before the package is + done installing.</p> <p> Example:</p> <pre><code> npm install gist:101a11beef </code></pre></li> <li><p><code>npm install bitbucket:<bitbucketname>/<bitbucketrepo>[#<commit-ish>]</code>:</p> <p> Install the package at <code>https://bitbucket.org/bitbucketname/bitbucketrepo</code> by attempting to clone it using <code>git</code>.</p> -<p> If you don't specify a <em>commit-ish</em> then <code>master</code> will be used.</p> +<p> If <code>#<commit-ish></code> is provided, it will be used to clone exactly that + commit. If the commit-ish has the format <code>#semver:<semver></code>, <code><semver></code> can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency. If neither <code>#<commit-ish></code> or <code>#semver:<semver></code> is + specified, then <code>master</code> is used.</p> +<p> As with regular git dependencies, <code>dependencies</code> and <code>devDependencies</code> will + be installed if the package has a <code>prepare</code> script, before the package is + done installing.</p> <p> Example:</p> <pre><code> npm install bitbucket:mybitbucketuser/myproject </code></pre></li> <li><p><code>npm install gitlab:<gitlabname>/<gitlabrepo>[#<commit-ish>]</code>:</p> <p> Install the package at <code>https://gitlab.com/gitlabname/gitlabrepo</code> by attempting to clone it using <code>git</code>.</p> -<p> If you don't specify a <em>commit-ish</em> then <code>master</code> will be used.</p> +<p> If <code>#<commit-ish></code> is provided, it will be used to clone exactly that + commit. If the commit-ish has the format <code>#semver:<semver></code>, <code><semver></code> can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency. If neither <code>#<commit-ish></code> or <code>#semver:<semver></code> is + specified, then <code>master</code> is used.</p> +<p> As with regular git dependencies, <code>dependencies</code> and <code>devDependencies</code> will + be installed if the package has a <code>prepare</code> script, before the package is + done installing.</p> <p> Example:</p> <pre><code> npm install gitlab:mygitlabuser/myproject + npm install gitlab:myusr/myproj#semver:^5.0 </code></pre></li> </ul> <p>You may combine multiple arguments, and even multiple types of arguments. @@ -218,7 +265,7 @@ your local <code>node_modules</code> folder with the same layout it uses with th global <code>node_modules</code> folder. Only your direct dependencies will show in <code>node_modules</code> and everything they depend on will be flattened in their <code>node_modules</code> folders. This obviously will eliminate some deduping.</p> -<p>The <code>--ignore-scripts</code> argument will cause npm to not execute any +<p>The <code>--ignore-scripts</code> argument will cause npm to not execute any scripts defined in the package.json. See <code><a href="../misc/npm-scripts.html">npm-scripts(7)</a></code>.</p> <p>The <code>--legacy-bundling</code> argument will cause npm to install the package such that versions of npm prior to 1.4, such as the one included with node 0.8, @@ -230,7 +277,7 @@ any binaries the package might contain.</p> <p>The <code>--no-optional</code> argument will prevent optional dependencies from being installed.</p> <p>The <code>--no-shrinkwrap</code> argument, which will ignore an available -shrinkwrap file and use the package.json instead.</p> +package lock or shrinkwrap file and use the package.json instead.</p> <p>The <code>--nodedir=/path/to/node/source</code> argument will allow npm to find the node source code so that npm can compile native modules.</p> <p>The <code>--only={prod[uction]|dev[elopment]}</code> argument will cause either only @@ -265,7 +312,9 @@ at the top level because nothing conflicts with it.</p> `-- D@2 +-- D@1 </code></pre><p>Because B's D@1 will be installed in the top level, C now has to install D@2 -privately for itself.</p> +privately for itself. This algorithm is deterministic, but different trees may +be produced if two dependencies are requested for installation in a different +order.</p> <p>See <a href="../files/npm-folders.html">npm-folders(5)</a> for a more detailed description of the specific folder structures that npm creates.</p> <h3 id="limitations-of-npm-s-install-algorithm">Limitations of npm's Install Algorithm</h3> @@ -316,5 +365,5 @@ affects a real use-case, it will be investigated.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-install — npm@5.0.0-beta.56</p> +<p id="footer">npm-install — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-link.html b/deps/npm/html/doc/cli/npm-link.html index f952876a71..b279ab4d3a 100644 --- a/deps/npm/html/doc/cli/npm-link.html +++ b/deps/npm/html/doc/cli/npm-link.html @@ -74,5 +74,5 @@ include that scope, e.g.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-link — npm@5.0.0-beta.56</p> +<p id="footer">npm-link — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-logout.html b/deps/npm/html/doc/cli/npm-logout.html index 9a1393966a..3ecde84cc3 100644 --- a/deps/npm/html/doc/cli/npm-logout.html +++ b/deps/npm/html/doc/cli/npm-logout.html @@ -51,5 +51,5 @@ it takes precedence.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-logout — npm@5.0.0-beta.56</p> +<p id="footer">npm-logout — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-ls.html b/deps/npm/html/doc/cli/npm-ls.html index 8bd4c70bee..af4103febf 100644 --- a/deps/npm/html/doc/cli/npm-ls.html +++ b/deps/npm/html/doc/cli/npm-ls.html @@ -21,7 +21,7 @@ installed, as well as their dependencies, in a tree-structure.</p> limit the results to only the paths to the packages named. Note that nested packages will <em>also</em> show the paths to the specified packages. For example, running <code>npm ls promzard</code> in npm's source tree will show:</p> -<pre><code>npm@5.0.0-beta.56 /path/to/npm +<pre><code>npm@5.0.0 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 </code></pre><p>It will print out extraneous, missing, and invalid packages.</p> @@ -104,5 +104,5 @@ project.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-ls — npm@5.0.0-beta.56</p> +<p id="footer">npm-ls — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-outdated.html b/deps/npm/html/doc/cli/npm-outdated.html index e3d7a8540f..7b36dc7f5b 100644 --- a/deps/npm/html/doc/cli/npm-outdated.html +++ b/deps/npm/html/doc/cli/npm-outdated.html @@ -116,5 +116,5 @@ project.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-outdated — npm@5.0.0-beta.56</p> +<p id="footer">npm-outdated — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-owner.html b/deps/npm/html/doc/cli/npm-owner.html index 920f5e5833..aeaa8acb89 100644 --- a/deps/npm/html/doc/cli/npm-owner.html +++ b/deps/npm/html/doc/cli/npm-owner.html @@ -51,5 +51,5 @@ that is not implemented at this time.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-owner — npm@5.0.0-beta.56</p> +<p id="footer">npm-owner — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-pack.html b/deps/npm/html/doc/cli/npm-pack.html index 3956a2a491..d40a92437a 100644 --- a/deps/npm/html/doc/cli/npm-pack.html +++ b/deps/npm/html/doc/cli/npm-pack.html @@ -41,5 +41,5 @@ overwritten the second time.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-pack — npm@5.0.0-beta.56</p> +<p id="footer">npm-pack — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-ping.html b/deps/npm/html/doc/cli/npm-ping.html index 084cfdd834..e9a9f97b20 100644 --- a/deps/npm/html/doc/cli/npm-ping.html +++ b/deps/npm/html/doc/cli/npm-ping.html @@ -32,5 +32,5 @@ <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-ping — npm@5.0.0-beta.56</p> +<p id="footer">npm-ping — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-prefix.html b/deps/npm/html/doc/cli/npm-prefix.html index d3c4f5af94..99dacb6660 100644 --- a/deps/npm/html/doc/cli/npm-prefix.html +++ b/deps/npm/html/doc/cli/npm-prefix.html @@ -38,5 +38,5 @@ to contain a package.json file unless <code>-g</code> is also specified.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-prefix — npm@5.0.0-beta.56</p> +<p id="footer">npm-prefix — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-prune.html b/deps/npm/html/doc/cli/npm-prune.html index 97b39a188e..56e8b8ab29 100644 --- a/deps/npm/html/doc/cli/npm-prune.html +++ b/deps/npm/html/doc/cli/npm-prune.html @@ -40,5 +40,5 @@ negate <code>NODE_ENV</code> being set to <code>production</code>.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-prune — npm@5.0.0-beta.56</p> +<p id="footer">npm-prune — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-publish.html b/deps/npm/html/doc/cli/npm-publish.html index b5f6229484..9b9cca3cb0 100644 --- a/deps/npm/html/doc/cli/npm-publish.html +++ b/deps/npm/html/doc/cli/npm-publish.html @@ -51,6 +51,9 @@ the specified registry.</p> <p>Once a package is published with a given name and version, that specific name and version combination can never be used again, even if it is removed with <a href="../cli/npm-unpublish.html">npm-unpublish(1)</a>.</p> +<p>As of <code>npm@5</code>, both a sha1sum and an integrity field with a sha512sum of the +tarball will be submitted to the registry during publication. Subsequent +installs will use the strongest supported algorithm to verify downloads.</p> <p>For a "dry run" that does everything except actually publishing to the registry, see <code><a href="../cli/npm-pack.html">npm-pack(1)</a></code>, which figures out the files to be included and packs them into a tarball to be uploaded to the registry.</p> @@ -76,5 +79,5 @@ packs them into a tarball to be uploaded to the registry.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-publish — npm@5.0.0-beta.56</p> +<p id="footer">npm-publish — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-rebuild.html b/deps/npm/html/doc/cli/npm-rebuild.html index ac88ecab84..a2a1ad03ab 100644 --- a/deps/npm/html/doc/cli/npm-rebuild.html +++ b/deps/npm/html/doc/cli/npm-rebuild.html @@ -35,5 +35,5 @@ the new binary.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-rebuild — npm@5.0.0-beta.56</p> +<p id="footer">npm-rebuild — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-repo.html b/deps/npm/html/doc/cli/npm-repo.html index ab7311df12..83ec73d5f5 100644 --- a/deps/npm/html/doc/cli/npm-repo.html +++ b/deps/npm/html/doc/cli/npm-repo.html @@ -41,5 +41,5 @@ a <code>package.json</code> in the current folder and use the <code>name</code> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-repo — npm@5.0.0-beta.56</p> +<p id="footer">npm-repo — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-restart.html b/deps/npm/html/doc/cli/npm-restart.html index 38607f97bb..c4d3296c25 100644 --- a/deps/npm/html/doc/cli/npm-restart.html +++ b/deps/npm/html/doc/cli/npm-restart.html @@ -53,5 +53,5 @@ behavior will be accompanied by an increase in major version number</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-restart — npm@5.0.0-beta.56</p> +<p id="footer">npm-restart — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-root.html b/deps/npm/html/doc/cli/npm-root.html index 3376f30e1b..9b115bb003 100644 --- a/deps/npm/html/doc/cli/npm-root.html +++ b/deps/npm/html/doc/cli/npm-root.html @@ -35,5 +35,5 @@ <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-root — npm@5.0.0-beta.56</p> +<p id="footer">npm-root — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-run-script.html b/deps/npm/html/doc/cli/npm-run-script.html index 9cc5c452f1..07e1c514d6 100644 --- a/deps/npm/html/doc/cli/npm-run-script.html +++ b/deps/npm/html/doc/cli/npm-run-script.html @@ -66,5 +66,5 @@ you will be given a warning to run <code>npm install</code>, just in case you <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-run-script — npm@5.0.0-beta.56</p> +<p id="footer">npm-run-script — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-search.html b/deps/npm/html/doc/cli/npm-search.html index 4989b4760b..02dc30d68e 100644 --- a/deps/npm/html/doc/cli/npm-search.html +++ b/deps/npm/html/doc/cli/npm-search.html @@ -109,5 +109,5 @@ setting.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-search — npm@5.0.0-beta.56</p> +<p id="footer">npm-search — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-shrinkwrap.html b/deps/npm/html/doc/cli/npm-shrinkwrap.html index 53592eabe8..a1809977c5 100644 --- a/deps/npm/html/doc/cli/npm-shrinkwrap.html +++ b/deps/npm/html/doc/cli/npm-shrinkwrap.html @@ -9,163 +9,24 @@ <body> <div id="wrapper"> -<h1><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap</a></h1> <p>Lock down dependency versions</p> +<h1><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap</a></h1> <p>Lock down dependency versions for publication</p> <h2 id="synopsis">SYNOPSIS</h2> <pre><code>npm shrinkwrap </code></pre><h2 id="description">DESCRIPTION</h2> -<p>This command locks down the versions of a package's dependencies so -that you can control exactly which versions of each dependency will be -used when your package is installed. The <code>package.json</code> file is still -required if you want to use <code>npm install</code>.</p> -<p>By default, <code>npm install</code> recursively installs the target's -dependencies (as specified in <code>package.json</code>), choosing the latest -available version that satisfies the dependency's semver pattern. In -some situations, particularly when shipping software where each change -is tightly managed, it's desirable to fully specify each version of -each dependency recursively so that subsequent builds and deploys do -not inadvertently pick up newer versions of a dependency that satisfy -the semver pattern. Specifying specific semver patterns in each -dependency's <code>package.json</code> would facilitate this, but that's not always -possible or desirable, as when another author owns the npm package. -It's also possible to check dependencies directly into source control, -but that may be undesirable for other reasons.</p> -<p>As an example, consider package A:</p> -<pre><code>{ - "name": "A", - "version": "0.1.0", - "dependencies": { - "B": "<0.1.0" - } -} -</code></pre><p>package B:</p> -<pre><code>{ - "name": "B", - "version": "0.0.1", - "dependencies": { - "C": "<0.1.0" - } -} -</code></pre><p>and package C:</p> -<pre><code>{ - "name": "C", - "version": "0.0.1" -} -</code></pre><p>If these are the only versions of A, B, and C available in the -registry, then a normal <code>npm install A</code> will install:</p> -<pre><code>A@0.1.0 -`-- B@0.0.1 - `-- C@0.0.1 -</code></pre><p>However, if B@0.0.2 is published, then a fresh <code>npm install A</code> will -install:</p> -<pre><code>A@0.1.0 -`-- B@0.0.2 - `-- C@0.0.1 -</code></pre><p>assuming the new version did not modify B's dependencies. Of course, -the new version of B could include a new version of C and any number -of new dependencies. If such changes are undesirable, the author of A -could specify a dependency on B@0.0.1. However, if A's author and B's -author are not the same person, there's no way for A's author to say -that he or she does not want to pull in newly published versions of C -when B hasn't changed at all.</p> -<p>In this case, A's author can run</p> -<pre><code>npm shrinkwrap -</code></pre><p>This generates <code>npm-shrinkwrap.json</code>, which will look something like this:</p> -<pre><code>{ - "name": "A", - "version": "0.1.0", - "dependencies": { - "B": { - "version": "0.0.1", - "from": "B@^0.0.1", - "resolved": "https://registry.npmjs.org/B/-/B-0.0.1.tgz", - "dependencies": { - "C": { - "version": "0.0.1", - "from": "org/C#v0.0.1", - "resolved": "git://github.com/org/C.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4" - } - } - } - } -} -</code></pre><p>The shrinkwrap command has locked down the dependencies based on what's -currently installed in <code>node_modules</code>. The installation behavior is changed to:</p> -<ol> -<li><p>The module tree described by the shrinkwrap is reproduced. This means -reproducing the structure described in the file, using the specific files -referenced in "resolved" if available, falling back to normal package -resolution using "version" if one isn't.</p> -</li> -<li><p>The tree is walked and any missing dependencies are installed in the usual fashion.</p> -</li> -</ol> -<p>If <code>preshrinkwrap</code>, <code>shrinkwrap</code> or <code>postshrinkwrap</code> are in the <code>scripts</code> property of the -<code>package.json</code>, they will be executed by running <code>npm shrinkwrap</code>. -<code>preshrinkwrap</code> and <code>shrinkwrap</code> are executed before the shrinkwrap, <code>postshrinkwrap</code> is -executed afterwards. For example to run some postprocessing on the generated file:</p> -<pre><code>"scripts": { "postshrinkwrap": "node fix-shrinkwrap.js" } -</code></pre><h3 id="using-shrinkwrapped-packages">Using shrinkwrapped packages</h3> -<p>Using a shrinkwrapped package is no different than using any other -package: you can <code>npm install</code> it by hand, or add a dependency to your -<code>package.json</code> file and <code>npm install</code> it.</p> -<h3 id="building-shrinkwrapped-packages">Building shrinkwrapped packages</h3> -<p>To shrinkwrap an existing package:</p> -<ol> -<li>Run <code>npm install</code> in the package root to install the current -versions of all dependencies.</li> -<li>Validate that the package works as expected with these versions.</li> -<li>Run <code>npm shrinkwrap</code>, add <code>npm-shrinkwrap.json</code> to git, and publish -your package.</li> -</ol> -<p>To add or update a dependency in a shrinkwrapped package:</p> -<ol> -<li>Run <code>npm install</code> in the package root to install the current -versions of all dependencies.</li> -<li>Add or update dependencies. <code>npm install --save</code> or <code>npm install --save-dev</code> -each new or updated package individually to update the <code>package.json</code> and -the shrinkwrap. Note that they must be explicitly named in order to be -installed: running <code>npm install</code> with no arguments will merely reproduce -the existing shrinkwrap.</li> -<li>Validate that the package works as expected with the new -dependencies.</li> -<li>Commit the new <code>npm-shrinkwrap.json</code>, and publish your package.</li> -</ol> -<p>You can use <a href="../cli/npm-outdated.html">npm-outdated(1)</a> to view dependencies with newer versions -available.</p> -<h3 id="other-notes">Other Notes</h3> -<p>A shrinkwrap file must be consistent with the package's <code>package.json</code> -file. <code>npm shrinkwrap</code> will fail if required dependencies are not -already installed, since that would result in a shrinkwrap that -wouldn't actually work. Similarly, the command will fail if there are -extraneous packages (not referenced by <code>package.json</code>), since that would -indicate that <code>package.json</code> is not correct.</p> -<p>Starting with npm v4.0.1, <code>devDependencies</code> are included when you run -<code>npm shrinkwrap</code> and follow the usual rules as to when they're installed. -As of npm v3.10.8, if you run <code>npm install --only=production</code> or -<code>npm install --production</code> with a shrinkwrap including your development -dependencies they won't be installed. Similarly, if the environment -variable <code>NODE_ENV</code> is <code>production</code> then they won't be installed. If you -need compatibility with versions of npm prior to v3.10.8 or otherwise -don't want them in your shrinkwrap you can exclude development -dependencies with: -<code>npm shrinkwrap --only=prod</code> or <code>npm shrinkwrap --production</code>.</p> -<p>If shrinkwrapped package A depends on shrinkwrapped package B, B's -shrinkwrap will not be used as part of the installation of A. However, -because A's shrinkwrap is constructed from a valid installation of B -and recursively specifies all dependencies, the contents of B's -shrinkwrap will implicitly be included in A's shrinkwrap.</p> -<h3 id="caveats">Caveats</h3> -<p>If you wish to lock down the specific bytes included in a package, for -example to have 100% confidence in being able to reproduce a -deployment or build, then you ought to check your dependencies into -source control, or pursue some other mechanism that can verify -contents rather than versions.</p> +<p>This command repurposes <code>package-lock.json</code> into a publishable +<code>npm-shrinkwrap.json</code> or simply creates a new one. The file created and updated +by this command will then take precedence over any other existing or future +<code>package-lock.json</code> files. For a detailed explanation of the design and purpose +of package locks in npm, see <a href="../files/npm-package-locks.html">npm-package-locks(5)</a>.</p> <h2 id="see-also">SEE ALSO</h2> <ul> <li><a href="../cli/npm-install.html">npm-install(1)</a></li> <li><a href="../cli/npm-run-script.html">npm-run-script(1)</a></li> <li><a href="../misc/npm-scripts.html">npm-scripts(7)</a></li> <li><a href="../files/package.json.html">package.json(5)</a></li> +<li><a href="../files/npm-package-locks.html">npm-package-locks(5)</a></li> +<li><a href="../files/package-lock.json.html">package-lock.json(5)</a></li> +<li><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></li> <li><a href="../cli/npm-ls.html">npm-ls(1)</a></li> </ul> @@ -180,5 +41,5 @@ contents rather than versions.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-shrinkwrap — npm@5.0.0-beta.56</p> +<p id="footer">npm-shrinkwrap — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-star.html b/deps/npm/html/doc/cli/npm-star.html index 525da2c5e3..8fce919461 100644 --- a/deps/npm/html/doc/cli/npm-star.html +++ b/deps/npm/html/doc/cli/npm-star.html @@ -36,5 +36,5 @@ a vaguely positive way to show that you care.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-star — npm@5.0.0-beta.56</p> +<p id="footer">npm-star — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-stars.html b/deps/npm/html/doc/cli/npm-stars.html index b702e065e6..db7f2e0633 100644 --- a/deps/npm/html/doc/cli/npm-stars.html +++ b/deps/npm/html/doc/cli/npm-stars.html @@ -36,5 +36,5 @@ you will most certainly enjoy this command.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-stars — npm@5.0.0-beta.56</p> +<p id="footer">npm-stars — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-start.html b/deps/npm/html/doc/cli/npm-start.html index 81dfed2f63..756bc34e68 100644 --- a/deps/npm/html/doc/cli/npm-start.html +++ b/deps/npm/html/doc/cli/npm-start.html @@ -39,5 +39,5 @@ more details.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-start — npm@5.0.0-beta.56</p> +<p id="footer">npm-start — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-stop.html b/deps/npm/html/doc/cli/npm-stop.html index 864bc7c563..31c18f4ba2 100644 --- a/deps/npm/html/doc/cli/npm-stop.html +++ b/deps/npm/html/doc/cli/npm-stop.html @@ -34,5 +34,5 @@ <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-stop — npm@5.0.0-beta.56</p> +<p id="footer">npm-stop — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-team.html b/deps/npm/html/doc/cli/npm-team.html index 4587cb2c75..13fd947488 100644 --- a/deps/npm/html/doc/cli/npm-team.html +++ b/deps/npm/html/doc/cli/npm-team.html @@ -67,5 +67,5 @@ use the <code>npm access</code> command to grant or revoke the appropriate permi <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-team — npm@5.0.0-beta.56</p> +<p id="footer">npm-team — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-test.html b/deps/npm/html/doc/cli/npm-test.html index 9befb62594..798519122a 100644 --- a/deps/npm/html/doc/cli/npm-test.html +++ b/deps/npm/html/doc/cli/npm-test.html @@ -36,5 +36,5 @@ <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-test — npm@5.0.0-beta.56</p> +<p id="footer">npm-test — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-uninstall.html b/deps/npm/html/doc/cli/npm-uninstall.html index 55a438b15e..147b6e563e 100644 --- a/deps/npm/html/doc/cli/npm-uninstall.html +++ b/deps/npm/html/doc/cli/npm-uninstall.html @@ -60,5 +60,5 @@ npm uninstall dtrace-provider --save-optional <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-uninstall — npm@5.0.0-beta.56</p> +<p id="footer">npm-uninstall — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-unpublish.html b/deps/npm/html/doc/cli/npm-unpublish.html index 82a74483db..587dad4259 100644 --- a/deps/npm/html/doc/cli/npm-unpublish.html +++ b/deps/npm/html/doc/cli/npm-unpublish.html @@ -51,5 +51,5 @@ contact support@npmjs.com.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-unpublish — npm@5.0.0-beta.56</p> +<p id="footer">npm-unpublish — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-update.html b/deps/npm/html/doc/cli/npm-update.html index b5bf305bd5..ee1c38dc69 100644 --- a/deps/npm/html/doc/cli/npm-update.html +++ b/deps/npm/html/doc/cli/npm-update.html @@ -118,5 +118,5 @@ be <em>downgraded</em>.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-update — npm@5.0.0-beta.56</p> +<p id="footer">npm-update — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-version.html b/deps/npm/html/doc/cli/npm-version.html index ab4f3bc1de..00361d5174 100644 --- a/deps/npm/html/doc/cli/npm-version.html +++ b/deps/npm/html/doc/cli/npm-version.html @@ -114,5 +114,5 @@ to the same value as the current version.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-version — npm@5.0.0-beta.56</p> +<p id="footer">npm-version — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-view.html b/deps/npm/html/doc/cli/npm-view.html index 3427b1e1ac..9fa968fd63 100644 --- a/deps/npm/html/doc/cli/npm-view.html +++ b/deps/npm/html/doc/cli/npm-view.html @@ -86,5 +86,5 @@ the field name.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-view — npm@5.0.0-beta.56</p> +<p id="footer">npm-view — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm-whoami.html b/deps/npm/html/doc/cli/npm-whoami.html index 3f30703d85..c25ad77e59 100644 --- a/deps/npm/html/doc/cli/npm-whoami.html +++ b/deps/npm/html/doc/cli/npm-whoami.html @@ -33,5 +33,5 @@ <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-whoami — npm@5.0.0-beta.56</p> +<p id="footer">npm-whoami — npm@5.0.0</p> diff --git a/deps/npm/html/doc/cli/npm.html b/deps/npm/html/doc/cli/npm.html index 48c4396d74..5549514295 100644 --- a/deps/npm/html/doc/cli/npm.html +++ b/deps/npm/html/doc/cli/npm.html @@ -13,7 +13,7 @@ <h2 id="synopsis">SYNOPSIS</h2> <pre><code>npm <command> [args] </code></pre><h2 id="version">VERSION</h2> -<p>5.0.0-beta.56</p> +<p>5.0.0</p> <h2 id="description">DESCRIPTION</h2> <p>npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency @@ -126,7 +126,7 @@ will no doubt tell you to put the output in a gist or email.</p> <p><a href="http://blog.izs.me/">Isaac Z. Schlueter</a> :: <a href="https://github.com/isaacs/">isaacs</a> :: <a href="http://twitter.com/izs">@izs</a> :: -<a href="mailto:i@izs.me">i@izs.me</a></p> +<a href="mailto:i@izs.me">i@izs.me</a></p> <h2 id="see-also">SEE ALSO</h2> <ul> <li><a href="../cli/npm-help.html">npm-help(1)</a></li> @@ -150,5 +150,5 @@ will no doubt tell you to put the output in a gist or email.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm — npm@5.0.0-beta.56</p> +<p id="footer">npm — npm@5.0.0</p> diff --git a/deps/npm/html/doc/files/npm-folders.html b/deps/npm/html/doc/files/npm-folders.html index 795e779c19..4f9656a922 100644 --- a/deps/npm/html/doc/files/npm-folders.html +++ b/deps/npm/html/doc/files/npm-folders.html @@ -182,5 +182,5 @@ cannot be found elsewhere. See <code><a href="../files/package.json.html">packa <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-folders — npm@5.0.0-beta.56</p> +<p id="footer">npm-folders — npm@5.0.0</p> diff --git a/deps/npm/html/doc/files/npm-global.html b/deps/npm/html/doc/files/npm-global.html index 795e779c19..4f9656a922 100644 --- a/deps/npm/html/doc/files/npm-global.html +++ b/deps/npm/html/doc/files/npm-global.html @@ -182,5 +182,5 @@ cannot be found elsewhere. See <code><a href="../files/package.json.html">packa <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-folders — npm@5.0.0-beta.56</p> +<p id="footer">npm-folders — npm@5.0.0</p> diff --git a/deps/npm/html/doc/files/npm-json.html b/deps/npm/html/doc/files/npm-json.html index bf65afd5e5..7d6ed1c78a 100644 --- a/deps/npm/html/doc/files/npm-json.html +++ b/deps/npm/html/doc/files/npm-json.html @@ -586,5 +586,5 @@ ignored.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">package.json — npm@5.0.0-beta.56</p> +<p id="footer">package.json — npm@5.0.0</p> diff --git a/deps/npm/html/doc/files/npm-package-locks.html b/deps/npm/html/doc/files/npm-package-locks.html new file mode 100644 index 0000000000..7f8851781b --- /dev/null +++ b/deps/npm/html/doc/files/npm-package-locks.html @@ -0,0 +1,148 @@ +<!doctype html> +<html> + <title>npm-package-locks</title> + <meta charset="utf-8"> + <link rel="stylesheet" type="text/css" href="../../static/style.css"> + <link rel="canonical" href="https://www.npmjs.org/doc/files/npm-package-locks.html"> + <script async=true src="../../static/toc.js"></script> + + <body> + <div id="wrapper"> + +<h1><a href="../files/npm-package-locks.html">npm-package-locks</a></h1> <p>An explanation of npm lockfiles</p> +<h2 id="description">DESCRIPTION</h2> +<p>Conceptually, the "input" to <a href="../cli/npm-install.html">npm-install(1)</a> is a <a href="../files/package.json.html">package.json(5)</a>, while its +"output" is a fully-formed <code>node_modules</code> tree: a representation of the +dependencies you declared. In an ideal world, npm would work like a pure +function: the same <code>package.json</code> should produce the exact same <code>node_modules</code> +tree, any time. In some cases, this is indeed true. But in many others, npm is +unable to do this. There are multiple reasons for this:</p> +<ul> +<li><p>different versions of npm (or other package managers) may have been used to install a package, each using slightly different installation algorithms.</p> +</li> +<li><p>a new version of a direct semver-range package may have been published since the last time your packages were installed, and thus a newer version will be used.</p> +</li> +<li><p>A dependency of one of your dependencies may have published a new version, which will update even if you used pinned dependency specifiers (<code>1.2.3</code> instead of <code>^1.2.3</code>)</p> +</li> +<li><p>The registry you installed from is no longer available, or allows mutation of versions (unlike the primary npm registry), and a different version of a package exists under the same version number now.</p> +</li> +</ul> +<p>As an example, consider package A:</p> +<pre><code>{ + "name": "A", + "version": "0.1.0", + "dependencies": { + "B": "<0.1.0" + } +} +</code></pre><p>package B:</p> +<pre><code>{ + "name": "B", + "version": "0.0.1", + "dependencies": { + "C": "<0.1.0" + } +} +</code></pre><p>and package C:</p> +<pre><code>{ + "name": "C", + "version": "0.0.1" +} +</code></pre><p>If these are the only versions of A, B, and C available in the +registry, then a normal <code>npm install A</code> will install:</p> +<pre><code>A@0.1.0 +`-- B@0.0.1 + `-- C@0.0.1 +</code></pre><p>However, if B@0.0.2 is published, then a fresh <code>npm install A</code> will +install:</p> +<pre><code>A@0.1.0 +`-- B@0.0.2 + `-- C@0.0.1 +</code></pre><p>assuming the new version did not modify B's dependencies. Of course, +the new version of B could include a new version of C and any number +of new dependencies. If such changes are undesirable, the author of A +could specify a dependency on B@0.0.1. However, if A's author and B's +author are not the same person, there's no way for A's author to say +that he or she does not want to pull in newly published versions of C +when B hasn't changed at all.</p> +<p>To prevent this potential issue, npm uses <a href="../files/package-lock.json.html">package-lock.json(5)</a> or, if present, +n<a href="../files/pm-shrinkwrap.json.html">pm-shrinkwrap.json(5)</a>. These files are called package locks, or lockfiles.</p> +<p>Whenever you run <code>npm install</code>, npm generates or updates your package lock, +which will look something like this:</p> +<pre><code>{ + "name": "A", + "version": "0.1.0", + ...metadata fields... + "dependencies": { + "B": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/B/-/B-0.0.1.tgz", + "integrity": "sha512-DeAdb33F+" + "dependencies": { + "C": { + "version": "git://github.com/org/C.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4" + } + } + } + } +} +</code></pre><p>This file describes an <em>exact</em>, and more importantly <em>reproducible</em> +<code>node_modules</code> tree. Once it's present, and future installation will base its +work off this file, instead of recalculating dependency versions off +p<a href="../files/ackage.json.html">ackage.json(5)</a>.</p> +<p>The presence of a package lock changes the installation behavior such that:</p> +<ol> +<li><p>The module tree described by the package lock is reproduced. This means +reproducing the structure described in the file, using the specific files +referenced in "resolved" if available, falling back to normal package resolution +using "version" if one isn't.</p> +</li> +<li><p>The tree is walked and any missing dependencies are installed in the usual +fashion.</p> +</li> +</ol> +<p>If <code>preshrinkwrap</code>, <code>shrinkwrap</code> or <code>postshrinkwrap</code> are in the <code>scripts</code> +property of the <code>package.json</code>, they will be executed in order. <code>preshrinkwrap</code> +and <code>shrinkwrap</code> are executed before the shrinkwrap, <code>postshrinkwrap</code> is +executed afterwards. These scripts run for both <code>package-lock.json</code> and +<code>npm-shrinkwrap.json</code>. For example to run some postprocessing on the generated +file:</p> +<pre><code>"scripts": { + "postshrinkwrap": "json -I -e \"this.myMetadata = $MY_APP_METADATA\"" +} +</code></pre><h3 id="using-locked-packages">Using locked packages</h3> +<p>Using a locked package is no different than using any package without a package +lock: any commands that update <code>node_modules</code> and/or <code>package.json</code>'s +dependencies will automatically sync the existing lockfile. This includes <code>npm +install</code>, <code>npm rm</code>, <code>npm update</code>, etc. To prevent this update from happening, +you can use the <code>--no-save</code> option to prevent saving altogether, or +<code>--no-shrinkwrap</code> to allow <code>package.json</code> to be updated while leaving +<code>package-lock.json</code> or <code>npm-shrinkwrap.json</code> intact.</p> +<p>It is highly recommended you commit the generated package lock to source +control: this will allow anyone else on your team, your deployments, your +CI/continuous integration, and anyone else who runs <code>npm install</code> in your +package source to get the exact same dependency tree that you were developing +on. Additionally, the diffs from these changes are human-readable and will +inform you of any changes npm has made to your <code>node_modules</code>, so you can notice +if any transitive dependencies were updated, hoisted, etc.</p> +<h2 id="see-also">SEE ALSO</h2> +<ul> +<li><a href="https://medium.com/@sdboyer/so-you-want-to-write-a-package-manager-4ae9c17d9527">https://medium.com/@sdboyer/so-you-want-to-write-a-package-manager-4ae9c17d9527</a></li> +<li><a href="../files/package.json.html">package.json(5)</a></li> +<li><a href="../files/package-lock.json.html">package-lock.json(5)</a></li> +<li><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></li> +<li><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></li> +</ul> + +</div> + +<table border=0 cellspacing=0 cellpadding=0 id=npmlogo> +<tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18> </td></tr> +<tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td colspan=6 style="width:60px;height:10px;background:#fff"> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td></tr> +<tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2> </td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td></tr> +<tr><td style="width:10px;height:10px;background:#fff" rowspan=2> </td></tr> +<tr><td style="width:10px;height:10px;background:#fff"> </td></tr> +<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> +<tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> +</table> +<p id="footer">npm-package-locks — npm@5.0.0</p> diff --git a/deps/npm/html/doc/files/npm-shrinkwrap.json.html b/deps/npm/html/doc/files/npm-shrinkwrap.json.html new file mode 100644 index 0000000000..3498af7921 --- /dev/null +++ b/deps/npm/html/doc/files/npm-shrinkwrap.json.html @@ -0,0 +1,45 @@ +<!doctype html> +<html> + <title>npm-shrinkwrap.json</title> + <meta charset="utf-8"> + <link rel="stylesheet" type="text/css" href="../../static/style.css"> + <link rel="canonical" href="https://www.npmjs.org/doc/files/npm-shrinkwrap.json.html"> + <script async=true src="../../static/toc.js"></script> + + <body> + <div id="wrapper"> + +<h1><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json</a></h1> <p>A publishable lockfile</p> +<h2 id="description">DESCRIPTION</h2> +<p><code>npm-shrinkwrap.json</code> is a file created by <a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a>. It is identical to +<code>package-lock.json</code>, with one major caveat: Unlike <code>package-lock.json</code>, +<code>npm-shrinwkrap.json</code> may be included when publishing a package.</p> +<p>The recommended use-case for <code>npm-shrinkwrap.json</code> is applications deployed +through the publishing process on the registry: for example, daemons and +command-line tools intended as global installs or <code>devDependencies</code>. It's +strongly discouraged for library authors to publish this file, since that would +prevent end users from having control over transitive dependency updates.</p> +<p>Additionally, if both <code>package-lock.json</code> and <code>npm-shrinwkrap.json</code> are present +in a package root, <code>package-lock.json</code> will be ignored in favor of this file.</p> +<p>For full details and description of the <code>npm-shrinkwrap.json</code> file format, refer +to the manual page for <a href="../files/package-lock.json.html">package-lock.json(5)</a>.</p> +<h2 id="see-also">SEE ALSO</h2> +<ul> +<li><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></li> +<li><a href="../files/package-lock.json.html">package-lock.json(5)</a></li> +<li><a href="../files/package.json.html">package.json(5)</a></li> +<li><a href="../cli/npm-install.html">npm-install(1)</a></li> +</ul> + +</div> + +<table border=0 cellspacing=0 cellpadding=0 id=npmlogo> +<tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18> </td></tr> +<tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td colspan=6 style="width:60px;height:10px;background:#fff"> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td></tr> +<tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2> </td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td></tr> +<tr><td style="width:10px;height:10px;background:#fff" rowspan=2> </td></tr> +<tr><td style="width:10px;height:10px;background:#fff"> </td></tr> +<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> +<tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> +</table> +<p id="footer">npm-shrinkwrap.json — npm@5.0.0</p> diff --git a/deps/npm/html/doc/files/npmrc.html b/deps/npm/html/doc/files/npmrc.html index 33b683292f..ef6d01b611 100644 --- a/deps/npm/html/doc/files/npmrc.html +++ b/deps/npm/html/doc/files/npmrc.html @@ -85,5 +85,5 @@ manner.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npmrc — npm@5.0.0-beta.56</p> +<p id="footer">npmrc — npm@5.0.0</p> diff --git a/deps/npm/html/doc/files/package-lock.json.html b/deps/npm/html/doc/files/package-lock.json.html new file mode 100644 index 0000000000..57423161bd --- /dev/null +++ b/deps/npm/html/doc/files/package-lock.json.html @@ -0,0 +1,127 @@ +<!doctype html> +<html> + <title>package-lock.json</title> + <meta charset="utf-8"> + <link rel="stylesheet" type="text/css" href="../../static/style.css"> + <link rel="canonical" href="https://www.npmjs.org/doc/files/package-lock.json.html"> + <script async=true src="../../static/toc.js"></script> + + <body> + <div id="wrapper"> + +<h1><a href="../files/package-lock.json.html">package-lock.json</a></h1> <p>A manifestation of the manifest</p> +<h2 id="description">DESCRIPTION</h2> +<p><code>package-lock.json</code> is automatically generated for any operations where npm +modifies either the <code>node_modules</code> tree, or <code>package.json</code>. It describes the +exact tree that was generated, such that subsequent installs are able to +generate identical trees, regardless of intermediate dependency updates.</p> +<p>This file is intended to be committed into source repositories, and serves +various purposes:</p> +<ul> +<li><p>Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.</p> +</li> +<li><p>Provide a facility for users to "time-travel" to previous states of <code>node_modules</code> without having to commit the directory itself.</p> +</li> +<li><p>To facilitate greater visibility of tree changes through readable source control diffs.</p> +</li> +<li><p>And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.</p> +</li> +</ul> +<p>One key detail about <code>package-lock.json</code> is that it cannot be published, and it +will be ignored if found in any place other than the toplevel package. It shares +a format with <a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a>, which is essentially the same file, but +allows publication. This is not recommended unless deploying a CLI tool or +otherwise using the publication process for producing production packages.</p> +<p>If both <code>package-lock.json</code> and <code>npm-shrinkwrap.json</code> are present in the root of +a package, <code>package-lock.json</code> will be completely ignored.</p> +<h2 id="file-format">FILE FORMAT</h2> +<h3 id="name">name</h3> +<p>The name of the package this is a package-lock for. This must match what's in +<code>package.json</code>.</p> +<h3 id="version">version</h3> +<p>The version of the package this is a package-lock for. This must match what's in +<code>package.json</code>.</p> +<h3 id="lockfileversion">lockfileVersion</h3> +<p>An integer version, starting at <code>1</code> with the version number of this document +whose semantics were used when generating this <code>package-lock.json</code>.</p> +<h3 id="packageintegrity">packageIntegrity</h3> +<p>This is a <a href="https://w3c.github.io/webappsec/specs/subresourceintegrity/">subresource +integrity</a> value +created from the <code>pacakge.json</code>. No preprocessing of the <code>package.json</code> should +be done. Subresource integrity strings can be produced by modules like +<a href="https://www.npmjs.com/package/ssri"><code>ssri</code></a>.</p> +<h3 id="preservesymlinks">preserveSymlinks</h3> +<p>Indicates that the install was done with the environment variable +<code>NODE_PRESERVE_SYMLINKS</code> enabled. The installer should insist that the value of +this property match that environment variable.</p> +<h3 id="dependencies">dependencies</h3> +<p>A mapping of package name to dependency object. Dependency objects have the +following properties:</p> +<h4 id="version">version</h4> +<p>This is a specifier that uniquely identifies this package and should be +usable in fetching a new copy of it.</p> +<ul> +<li>bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes.</li> +<li>registry sources: This is a version number. (eg, <code>1.2.3</code>)</li> +<li>git sources: This is a git specifier with resolved committish. (eg, <code>git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e</code>)</li> +<li>http tarball sources: This is the URL of the tarball. (eg, <code>https://example.com/example-1.3.0.tgz</code>)</li> +<li>local tarball sources: This is the file URL of the tarball. (eg <code>file:///opt/storage/example-1.3.0.tgz</code>)</li> +<li>local link sources: This is the file URL of the link. (eg <code>file:libs/our-module</code>)</li> +</ul> +<h4 id="integrity">integrity</h4> +<p>This is a <a href="https://w3c.github.io/webappsec/specs/subresourceintegrity/">Standard Subresource +Integrity</a> for this +resource.</p> +<ul> +<li>For bundled dependencies this is not included, regardless of source.</li> +<li>For registry sources, this is the <code>integrity</code> that the registry provided, or if one wasn't provided the SHA1 in <code>shasum</code>.</li> +<li>For git sources this is the specific commit hash we cloned from.</li> +<li>For remote tarball sources this is an integrity based on a SHA512 of +the file.</li> +<li>For local tarball sources: This is an integrity field based on the SHA512 of the file.</li> +</ul> +<h4 id="resolved">resolved</h4> +<ul> +<li>For bundled dependencies this is not included, regardless of source.</li> +<li>For registry sources this is path of the tarball relative to the registry +URL. If the tarball URL isn't on the same server as the registry URL then +this is a complete URL.</li> +</ul> +<h4 id="bundled">bundled</h4> +<p>If true, this is the bundled dependency and will be installed by the parent +module. When installing, this module will be extracted from the parent +module during the extract phase, not installed as a separate dependency.</p> +<h4 id="dev">dev</h4> +<p>If true then this dependency is either a development dependency ONLY of the +top level module or a transitive dependency of one. This is false for +dependencies that are both a development dependency of the top level and a +transitive dependency of a non-development dependency of the top level.</p> +<h4 id="optional">optional</h4> +<p>If true then this dependency is either an optional dependency ONLY of the +top level module or a transitive dependency of one. This is false for +dependencies that are both an optional dependency of the top level and a +transitive dependency of a non-optional dependency of the top level.</p> +<p>All optional dependencies should be included even if they're uninstallable +on the current platform.</p> +<h4 id="dependencies">dependencies</h4> +<p>The dependencies of this dependency, exactly as at the top level.</p> +<h2 id="see-also">SEE ALSO</h2> +<ul> +<li><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></li> +<li><a href="../files/package-lock.json.html">package-lock.json(5)</a></li> +<li><a href="../files/package.json.html">package.json(5)</a></li> +<li><a href="../cli/npm-install.html">npm-install(1)</a></li> +</ul> + +</div> + +<table border=0 cellspacing=0 cellpadding=0 id=npmlogo> +<tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18> </td></tr> +<tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td colspan=6 style="width:60px;height:10px;background:#fff"> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td></tr> +<tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2> </td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td></tr> +<tr><td style="width:10px;height:10px;background:#fff" rowspan=2> </td></tr> +<tr><td style="width:10px;height:10px;background:#fff"> </td></tr> +<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> +<tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> +</table> +<p id="footer">package-lock.json — npm@5.0.0</p> diff --git a/deps/npm/html/doc/files/package.json.html b/deps/npm/html/doc/files/package.json.html index bf65afd5e5..7d6ed1c78a 100644 --- a/deps/npm/html/doc/files/package.json.html +++ b/deps/npm/html/doc/files/package.json.html @@ -586,5 +586,5 @@ ignored.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">package.json — npm@5.0.0-beta.56</p> +<p id="footer">package.json — npm@5.0.0</p> diff --git a/deps/npm/html/doc/index.html b/deps/npm/html/doc/index.html index 39f5d8e028..75891616b8 100644 --- a/deps/npm/html/doc/index.html +++ b/deps/npm/html/doc/index.html @@ -91,7 +91,7 @@ <h3 id="npm-search-1-"><a href="cli/npm-search.html">npm-search(1)</a></h3> <p>Search for packages</p> <h3 id="npm-shrinkwrap-1-"><a href="cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></h3> -<p>Lock down dependency versions</p> +<p>Lock down dependency versions for publication</p> <h3 id="npm-star-1-"><a href="cli/npm-star.html">npm-star(1)</a></h3> <p>Mark your favorite packages</p> <h3 id="npm-stars-1-"><a href="cli/npm-stars.html">npm-stars(1)</a></h3> @@ -122,8 +122,14 @@ <p>File system structures npm uses</p> <h3 id="npm-folders-5-"><a href="files/npm-folders.html">npm-folders(5)</a></h3> <p>Folder Structures Used by npm</p> +<h3 id="npm-package-locks-5-"><a href="files/npm-package-locks.html">npm-package-locks(5)</a></h3> +<p>An explanation of npm lockfiles</p> +<h3 id="npm-shrinkwrap-json-5-"><a href="files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></h3> +<p>A publishable lockfile</p> <h3 id="npmrc-5-"><a href="files/npmrc.html">npmrc(5)</a></h3> <p>The npm config files</p> +<h3 id="package-lock-json-5-"><a href="files/package-lock.json.html">package-lock.json(5)</a></h3> +<p>A manifestation of the manifest</p> <h3 id="package-json-5-"><a href="files/package.json.html">package.json(5)</a></h3> <p>Specifics of npm's package.json handling</p> <h2 id="misc">Misc</h2> @@ -162,5 +168,5 @@ <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-index — npm@5.0.0-beta.56</p> +<p id="footer">npm-index — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/npm-coding-style.html b/deps/npm/html/doc/misc/npm-coding-style.html index 77e6735e7d..0048979e90 100644 --- a/deps/npm/html/doc/misc/npm-coding-style.html +++ b/deps/npm/html/doc/misc/npm-coding-style.html @@ -153,5 +153,5 @@ set to anything."</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-coding-style — npm@5.0.0-beta.56</p> +<p id="footer">npm-coding-style — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/npm-config.html b/deps/npm/html/doc/misc/npm-config.html index 78e9569e5b..bed7aa0736 100644 --- a/deps/npm/html/doc/misc/npm-config.html +++ b/deps/npm/html/doc/misc/npm-config.html @@ -61,6 +61,7 @@ internal to npm, and are defaults if nothing else is specified.</p> <li><code>-f</code>: <code>--force</code></li> <li><code>-desc</code>: <code>--description</code></li> <li><code>-S</code>: <code>--save</code></li> +<li><code>-P</code>: <code>--save-prod</code></li> <li><code>-D</code>: <code>--save-dev</code></li> <li><code>-O</code>: <code>--save-optional</code></li> <li><code>-B</code>: <code>--save-bundle</code></li> @@ -586,6 +587,14 @@ installed.</p> <p>Attempt to install packages in the <code>optionalDependencies</code> object. Note that if these packages fail to install, the overall installation process is not aborted.</p> +<h3 id="package-lock">package-lock</h3> +<ul> +<li>Default: true</li> +<li>Type: Boolean</li> +</ul> +<p>If set to false, then ignore <code>package-lock.json</code> files when installing. This +will also prevent <em>writing</em> <code>package-lock.json</code> if <code>save</code> is true.</p> +<p>This option is an alias for <code>--shrinkwrap</code>.</p> <h3 id="parseable">parseable</h3> <ul> <li>Default: false</li> @@ -689,6 +698,16 @@ object.</p> <code>bundleDependencies</code> list.</p> <p>When used with the <code>npm rm</code> command, it removes it from the bundledDependencies list.</p> +<h3 id="save-prod">save-prod</h3> +<ul> +<li>Default: false</li> +<li>Type: Boolean</li> +</ul> +<p>Makes sure that a package will be saved into <code>dependencies</code> specifically. This +is useful if a package already exists in <code>devDependencies</code> or +<code>optionalDependencies</code>, but you want to move it to be a production dep. This is +also the default behavior if <code>--save</code> is true, and neither <code>--save-dev</code> or +<code>--save-optional</code> are true.</p> <h3 id="save-dev">save-dev</h3> <ul> <li>Default: false</li> @@ -800,8 +819,9 @@ Windows</li> <li>Default: true</li> <li>Type: Boolean</li> </ul> -<p>If set to false, then ignore <code>npm-shrinkwrap.json</code> files when -installing.</p> +<p>If set to false, then ignore <code>npm-shrinkwrap.json</code> files when installing. This +will also prevent <em>writing</em> <code>npm-shrinkwrap.json</code> if <code>save</code> is true.</p> +<p>This option is an alias for <code>--package-lock</code>.</p> <h3 id="sign-git-tag">sign-git-tag</h3> <ul> <li>Default: false</li> @@ -961,5 +981,5 @@ exit successfully.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-config — npm@5.0.0-beta.56</p> +<p id="footer">npm-config — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/npm-developers.html b/deps/npm/html/doc/misc/npm-developers.html index 52d1464490..d87e8c05fc 100644 --- a/deps/npm/html/doc/misc/npm-developers.html +++ b/deps/npm/html/doc/misc/npm-developers.html @@ -194,5 +194,5 @@ from a fresh checkout.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-developers — npm@5.0.0-beta.56</p> +<p id="footer">npm-developers — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/npm-disputes.html b/deps/npm/html/doc/misc/npm-disputes.html index f57404e375..e5d95529e6 100644 --- a/deps/npm/html/doc/misc/npm-disputes.html +++ b/deps/npm/html/doc/misc/npm-disputes.html @@ -20,7 +20,7 @@ Conduct.</p> <h2 id="tl-dr">TL;DR</h2> <ol> <li>Get the author email with <code>npm owner ls <pkgname></code></li> -<li>Email the author, CC <a href="mailto:support@npmjs.com">support@npmjs.com</a></li> +<li>Email the author, CC <a href="mailto:support@npmjs.com">support@npmjs.com</a></li> <li>After a few weeks, if there's no resolution, we'll sort it out.</li> </ol> <p>Don't squat on package names. Publish code or move out of the way.</p> @@ -55,12 +55,12 @@ because Yusuf's <code>foo</code> is in the way.</p> </li> <li>Alice emails Yusuf, explaining the situation <strong>as respectfully as possible</strong>, and what she would like to do with the module name. She adds the npm support -staff <a href="mailto:support@npmjs.com">support@npmjs.com</a> to the CC list of the email. Mention in the email +staff <a href="mailto:support@npmjs.com">support@npmjs.com</a> to the CC list of the email. Mention in the email that Yusuf can run npm owner <code>add alice foo</code> to add Alice as an owner of the foo package.</li> <li>After a reasonable amount of time, if Yusuf has not responded, or if Yusuf and Alice can't come to any sort of resolution, email support -<a href="mailto:support@npmjs.com">support@npmjs.com</a> and we'll sort it out. ("Reasonable" is usually at least +<a href="mailto:support@npmjs.com">support@npmjs.com</a> and we'll sort it out. ("Reasonable" is usually at least 4 weeks.)</li> </ol> <h2 id="reasoning">REASONING</h2> @@ -96,12 +96,12 @@ application database or otherwise putting non-packagey things into it.</li> <a href="https://www.npmjs.com/policies/conduct">Code of Conduct</a> such as hateful language, pornographic content, or harassment.</li> </ol> -<p>If you see bad behavior like this, please report it to <a href="mailto:abuse@npmjs.com">abuse@npmjs.com</a> right +<p>If you see bad behavior like this, please report it to <a href="mailto:abuse@npmjs.com">abuse@npmjs.com</a> right away. <strong>You are never expected to resolve abusive behavior on your own. We are here to help.</strong></p> <h2 id="trademarks">TRADEMARKS</h2> <p>If you think another npm publisher is infringing your trademark, such as by -using a confusingly similar package name, email <a href="mailto:abuse@npmjs.com">abuse@npmjs.com</a> with a link to +using a confusingly similar package name, email <a href="mailto:abuse@npmjs.com">abuse@npmjs.com</a> with a link to the package or user account on <a href="https://npmjs.com">https://npmjs.com</a>. Attach a copy of your trademark registration certificate.</p> <p>If we see that the package's publisher is intentionally misleading others by @@ -134,5 +134,5 @@ License.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-disputes — npm@5.0.0-beta.56</p> +<p id="footer">npm-disputes — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/npm-index.html b/deps/npm/html/doc/misc/npm-index.html index c2bd8c3574..75956cc368 100644 --- a/deps/npm/html/doc/misc/npm-index.html +++ b/deps/npm/html/doc/misc/npm-index.html @@ -91,7 +91,7 @@ <h3 id="npm-search-1-"><a href="../cli/npm-search.html">npm-search(1)</a></h3> <p>Search for packages</p> <h3 id="npm-shrinkwrap-1-"><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></h3> -<p>Lock down dependency versions</p> +<p>Lock down dependency versions for publication</p> <h3 id="npm-star-1-"><a href="../cli/npm-star.html">npm-star(1)</a></h3> <p>Mark your favorite packages</p> <h3 id="npm-stars-1-"><a href="../cli/npm-stars.html">npm-stars(1)</a></h3> @@ -122,8 +122,14 @@ <p>File system structures npm uses</p> <h3 id="npm-folders-5-"><a href="../files/npm-folders.html">npm-folders(5)</a></h3> <p>Folder Structures Used by npm</p> +<h3 id="npm-package-locks-5-"><a href="../files/npm-package-locks.html">npm-package-locks(5)</a></h3> +<p>An explanation of npm lockfiles</p> +<h3 id="npm-shrinkwrap-json-5-"><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></h3> +<p>A publishable lockfile</p> <h3 id="npmrc-5-"><a href="../files/npmrc.html">npmrc(5)</a></h3> <p>The npm config files</p> +<h3 id="package-lock-json-5-"><a href="../files/package-lock.json.html">package-lock.json(5)</a></h3> +<p>A manifestation of the manifest</p> <h3 id="package-json-5-"><a href="../files/package.json.html">package.json(5)</a></h3> <p>Specifics of npm's package.json handling</p> <h2 id="misc">Misc</h2> @@ -162,5 +168,5 @@ <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-index — npm@5.0.0-beta.56</p> +<p id="footer">npm-index — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/npm-orgs.html b/deps/npm/html/doc/misc/npm-orgs.html index 75c1850cc2..1c769d1495 100644 --- a/deps/npm/html/doc/misc/npm-orgs.html +++ b/deps/npm/html/doc/misc/npm-orgs.html @@ -86,5 +86,5 @@ <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-orgs — npm@5.0.0-beta.56</p> +<p id="footer">npm-orgs — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/npm-registry.html b/deps/npm/html/doc/misc/npm-registry.html index 99e4d75926..aca3dc550c 100644 --- a/deps/npm/html/doc/misc/npm-registry.html +++ b/deps/npm/html/doc/misc/npm-registry.html @@ -90,5 +90,5 @@ effectively implement the entire CouchDB API anyway.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-registry — npm@5.0.0-beta.56</p> +<p id="footer">npm-registry — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/npm-scope.html b/deps/npm/html/doc/misc/npm-scope.html index 481e367a0d..f15285ba78 100644 --- a/deps/npm/html/doc/misc/npm-scope.html +++ b/deps/npm/html/doc/misc/npm-scope.html @@ -99,5 +99,5 @@ that registry instead.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-scope — npm@5.0.0-beta.56</p> +<p id="footer">npm-scope — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/npm-scripts.html b/deps/npm/html/doc/misc/npm-scripts.html index be6269f081..976695a05c 100644 --- a/deps/npm/html/doc/misc/npm-scripts.html +++ b/deps/npm/html/doc/misc/npm-scripts.html @@ -15,14 +15,20 @@ following scripts:</p> <ul> <li>prepublish: -Run BEFORE the package is published. (Also run on local <code>npm -install</code> without any arguments. See below.)</li> +Run BEFORE the package is packed and published, as well as on local <code>npm +install</code> without any arguments. (See below)</li> <li>prepare: -Run both BEFORE the package is published, and on local <code>npm -install</code> without any arguments. (See below.) This is run +Run both BEFORE the package is packed and published, and on local <code>npm +install</code> without any arguments (See below). This is run AFTER <code>prepublish</code>, but BEFORE <code>prepublishOnly</code>.</li> <li>prepublishOnly: -Run BEFORE the package is published. (See below.)</li> +Run BEFORE the package is prepared and packed, ONLY on <code>npm publish</code>. (See +below.)</li> +<li>prepack: +run BEFORE a tarball is packed (on <code>npm pack</code>, <code>npm publish</code>, and when +installing git dependencies)</li> +<li>postpack: +Run AFTER the tarball has been generated and moved to its final destination.</li> <li>publish, postpublish: Run AFTER the package is published.</li> <li>preinstall: @@ -237,5 +243,5 @@ scripts is for compilation which must be done on the target architecture.</li> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">npm-scripts — npm@5.0.0-beta.56</p> +<p id="footer">npm-scripts — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/removing-npm.html b/deps/npm/html/doc/misc/removing-npm.html index 532c44588d..8a7a51e4b0 100644 --- a/deps/npm/html/doc/misc/removing-npm.html +++ b/deps/npm/html/doc/misc/removing-npm.html @@ -57,5 +57,5 @@ modules. To track those down, you can do the following:</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">removing-npm — npm@5.0.0-beta.56</p> +<p id="footer">removing-npm — npm@5.0.0</p> diff --git a/deps/npm/html/doc/misc/semver.html b/deps/npm/html/doc/misc/semver.html index 80827586f1..5a8b556bca 100644 --- a/deps/npm/html/doc/misc/semver.html +++ b/deps/npm/html/doc/misc/semver.html @@ -325,5 +325,5 @@ range, use the <code>satisfies(version, range)</code> function.</p> <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr> <tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr> </table> -<p id="footer">semver — npm@5.0.0-beta.56</p> +<p id="footer">semver — npm@5.0.0</p> diff --git a/deps/npm/lib/config/cmd-list.js b/deps/npm/lib/config/cmd-list.js index a1abe80fb0..c54d105247 100644 --- a/deps/npm/lib/config/cmd-list.js +++ b/deps/npm/lib/config/cmd-list.js @@ -37,6 +37,7 @@ var affordances = { 'info': 'view', 'show': 'view', 'find': 'search', + 'add': 'install', 'unlink': 'uninstall', 'remove': 'uninstall', 'rm': 'uninstall', diff --git a/deps/npm/lib/config/defaults.js b/deps/npm/lib/config/defaults.js index 517d82ae1e..da019ac4d6 100644 --- a/deps/npm/lib/config/defaults.js +++ b/deps/npm/lib/config/defaults.js @@ -178,6 +178,7 @@ Object.defineProperty(exports, 'defaults', {get: function () { 'onload-script': false, only: null, optional: true, + 'package-lock': true, parseable: false, 'prefer-offline': false, 'prefer-online': false, @@ -200,6 +201,7 @@ Object.defineProperty(exports, 'defaults', {get: function () { 'save-exact': false, 'save-optional': false, 'save-prefix': '^', + 'save-prod': false, scope: '', 'scripts-prepend-node-path': 'warn-only', searchopts: '', @@ -304,6 +306,7 @@ exports.types = { 'onload-script': [null, String], only: [null, 'dev', 'development', 'prod', 'production'], optional: Boolean, + 'package-lock': Boolean, parseable: Boolean, 'prefer-offline': Boolean, 'prefer-online': Boolean, @@ -321,6 +324,7 @@ exports.types = { 'save-exact': Boolean, 'save-optional': Boolean, 'save-prefix': String, + 'save-prod': Boolean, scope: String, 'scripts-prepend-node-path': [false, true, 'auto', 'warn-only'], searchopts: String, @@ -404,6 +408,7 @@ exports.shorthands = { D: ['--save-dev'], E: ['--save-exact'], O: ['--save-optional'], + P: ['--save-prod'], y: ['--yes'], n: ['--no-yes'], B: ['--save-bundle'], diff --git a/deps/npm/lib/config/pacote.js b/deps/npm/lib/config/pacote.js index 13b7b53f52..705544fe3c 100644 --- a/deps/npm/lib/config/pacote.js +++ b/deps/npm/lib/config/pacote.js @@ -1,25 +1,24 @@ 'use strict' -const BB = require('bluebird') +const Buffer = require('safe-buffer').Buffer -const cp = require('child_process') const npm = require('../npm') const log = require('npmlog') -const packToStream = require('../utils/tar').packToStream +let pack const path = require('path') -const pipe = BB.promisify(require('mississippi').pipe) -const readJson = BB.promisify(require('read-package-json')) -const PassThrough = require('stream').PassThrough let effectiveOwner module.exports = pacoteOpts function pacoteOpts (moreOpts) { + if (!pack) { + pack = require('../pack.js') + } const ownerStats = calculateOwner() const opts = { cache: path.join(npm.config.get('cache'), '_cacache'), defaultTag: npm.config.get('tag'), - dirPacker: prepareAndPack, + dirPacker: pack.packGitDep, hashAlgorithm: 'sha1', localAddress: npm.config.get('local-address'), log: log, @@ -44,17 +43,34 @@ function pacoteOpts (moreOpts) { } if (ownerStats.uid || ownerStats.gid) { - Object.assign(opts, ownerStats, { - cacheUid: ownerStats.uid, - cacheGid: ownerStats.gid - }) + Object.assign(opts, ownerStats) } npm.config.keys.forEach(function (k) { - if (k[0] === '/' && k.match(/.*:_authToken$/)) { + const authMatch = k[0] === '/' && k.match( + /(.*):(_authToken|username|_password|password|email|always-auth)$/ + ) + if (authMatch) { + const nerfDart = authMatch[1] + const key = authMatch[2] + const val = npm.config.get(k) if (!opts.auth) { opts.auth = {} } - opts.auth[k.replace(/:_authToken$/, '')] = { - token: npm.config.get(k) + if (!opts.auth[nerfDart]) { + opts.auth[nerfDart] = { + alwaysAuth: !!npm.config.get('always-auth') + } + } + if (key === '_authToken') { + opts.auth[nerfDart].token = val + } else if (key.match(/password$/i)) { + opts.auth[nerfDart].password = + // the config file stores password auth already-encoded. pacote expects + // the actual username/password pair. + Buffer.from(val, 'base64').toString('utf8') + } else if (key === 'always-auth') { + opts.auth[nerfDart].alwaysAuth = val === 'false' ? false : !!val + } else { + opts.auth[nerfDart][key] = val } } if (k[0] === '@') { @@ -90,86 +106,3 @@ function calculateOwner () { return effectiveOwner } - -const PASSTHROUGH_OPTS = [ - 'always-auth', - 'auth-type', - 'ca', - 'cafile', - 'cert', - 'git', - 'local-address', - 'maxsockets', - 'offline', - 'prefer-offline', - 'prefer-online', - 'proxy', - 'https-proxy', - 'registry', - 'send-metrics', - 'sso-poll-frequency', - 'sso-type', - 'strict-ssl' -] - -function prepareAndPack (manifest, dir) { - const stream = new PassThrough() - readJson(path.join(dir, 'package.json')).then((pkg) => { - if (pkg.scripts && pkg.scripts.prepare) { - log.verbose('prepareGitDep', `${manifest._spec}: installing devDeps and running prepare script.`) - const cliArgs = PASSTHROUGH_OPTS.reduce((acc, opt) => { - if (npm.config.get(opt, 'cli') != null) { - acc.push(`--${opt}=${npm.config.get(opt)}`) - } - return acc - }, []) - const child = cp.spawn(process.env.NODE || process.execPath, [ - require.main.filename, - 'install', - '--ignore-prepublish', - '--no-progress', - '--no-save' - ].concat(cliArgs), { - cwd: dir, - env: process.env - }) - let errData = [] - let errDataLen = 0 - let outData = [] - let outDataLen = 0 - child.stdout.on('data', (data) => { - outData.push(data) - outDataLen += data.length - log.gauge.pulse('preparing git package') - }) - child.stderr.on('data', (data) => { - errData.push(data) - errDataLen += data.length - log.gauge.pulse('preparing git package') - }) - return BB.fromNode((cb) => { - child.on('error', cb) - child.on('exit', (code, signal) => { - if (code > 0) { - const err = new Error(`${signal}: npm exited with code ${code} while attempting to build ${manifest._requested}. Clone the repository manually and run 'npm install' in it for more information.`) - err.code = code - err.signal = signal - cb(err) - } else { - cb() - } - }) - }).then(() => { - if (outDataLen > 0) log.silly('prepareGitDep', '1>', Buffer.concat(outData, outDataLen).toString()) - if (errDataLen > 0) log.silly('prepareGitDep', '2>', Buffer.concat(errData, errDataLen).toString()) - }, (err) => { - if (outDataLen > 0) log.error('prepareGitDep', '1>', Buffer.concat(outData, outDataLen).toString()) - if (errDataLen > 0) log.error('prepareGitDep', '2>', Buffer.concat(errData, errDataLen).toString()) - throw err - }) - } - }).then(() => { - return pipe(packToStream(manifest, dir), stream) - }).catch((err) => stream.emit('error', err)) - return stream -} diff --git a/deps/npm/lib/fetch-package-metadata.js b/deps/npm/lib/fetch-package-metadata.js index 45d6acbfae..cca6dc64f4 100644 --- a/deps/npm/lib/fetch-package-metadata.js +++ b/deps/npm/lib/fetch-package-metadata.js @@ -12,7 +12,7 @@ const npmlog = require('npmlog') const limit = require('call-limit') const tempFilename = require('./utils/temp-filename') const pacote = require('pacote') -const pacoteOpts = require('./config/pacote') +let pacoteOpts const isWindows = require('./utils/is-windows.js') function andLogAndFinish (spec, tracker, done) { @@ -52,7 +52,9 @@ function fetchPackageMetadata (spec, where, opts, done) { err.code = 'EWINDOWSPATH' return logAndFinish(err) } - + if (!pacoteOpts) { + pacoteOpts = require('./config/pacote') + } pacote.manifest(dep, pacoteOpts({ annotate: true, fullMetadata: opts.fullMetadata, @@ -83,6 +85,9 @@ function fetchPackageMetadata (spec, where, opts, done) { module.exports.addBundled = addBundled function addBundled (pkg, next) { validate('OF', arguments) + if (!pacoteOpts) { + pacoteOpts = require('./config/pacote') + } if (pkg._bundled !== undefined) return next(null, pkg) if (!pkg.bundleDependencies && pkg._requested.type !== 'directory') return next(null, pkg) diff --git a/deps/npm/lib/install.js b/deps/npm/lib/install.js index c567f624f9..5d111b32c8 100644 --- a/deps/npm/lib/install.js +++ b/deps/npm/lib/install.js @@ -29,7 +29,7 @@ install.usage = usage( '\nnpm install <tarball url>' + '\nnpm install <git:// url>' + '\nnpm install <github username>/<github project>', - '[--save|--save-dev|--save-optional] [--save-exact]' + '[--save-prod|--save-dev|--save-optional] [--save-exact] [--no-save]' ) install.completion = function (opts, cb) { @@ -98,6 +98,7 @@ var path = require('path') // dependencies var log = require('npmlog') var readPackageTree = require('read-package-tree') +var readPackageJson = require('read-package-json') var chain = require('slide').chain var asyncMap = require('slide').asyncMap var archy = require('archy') @@ -137,10 +138,11 @@ var doReverseSerialActions = require('./install/actions.js').doReverseSerial var doParallelActions = require('./install/actions.js').doParallel var doOneAction = require('./install/actions.js').doOne var removeObsoleteDep = require('./install/deps.js').removeObsoleteDep +var removeExtraneous = require('./install/deps.js').removeExtraneous +var computeVersionSpec = require('./install/deps.js').computeVersionSpec var packageId = require('./utils/package-id.js') var moduleName = require('./utils/module-name.js') var errorMessage = require('./utils/error-message.js') -var removeDeps = require('./install/deps.js').removeDeps var isExtraneous = require('./install/is-extraneous.js') function unlockCB (lockPath, name, cb) { @@ -202,6 +204,11 @@ function Installer (where, dryrun, args) { this.where = where this.dryrun = dryrun this.args = args + // fakechildren are children created from the lockfile and lack relationship data + // the only exist when the tree does not match the lockfile + // this is fine when doing full tree installs/updates but not ok when modifying only + // a few deps via `npm install` or `npm uninstall`. + this.fakeChildren = true this.currentTree = null this.idealTree = null this.differences = [] @@ -245,6 +252,11 @@ Installer.prototype.run = function (_cb) { var installSteps = [] var postInstallSteps = [] + if (!this.dryrun) { + installSteps.push( + [this.newTracker(log, 'runTopLevelLifecycles', 2)], + [this, this.runPreinstallTopLevelLifecycles]) + } installSteps.push( [this.newTracker(log, 'loadCurrentTree', 4)], [this, this.loadCurrentTree], @@ -265,9 +277,6 @@ Installer.prototype.run = function (_cb) { [this, this.debugActions, 'decomposeActions', 'todo']) if (!this.dryrun) { installSteps.push( - [this.newTracker(log, 'runTopLevelLifecycles', 2)], - [this, this.runPreinstallTopLevelLifecycles], - [this.newTracker(log, 'executeActions', 8)], [this, this.executeActions], [this, this.finishTracker, 'executeActions']) @@ -313,9 +322,9 @@ Installer.prototype.run = function (_cb) { } Installer.prototype.loadArgMetadata = function (next) { - var self = this - getAllMetadata(this.args, this.currentTree, process.cwd(), iferr(next, function (args) { - self.args = args + getAllMetadata(this.args, this.currentTree, process.cwd(), iferr(next, (args) => { + this.args = args + if (args.length) this.fakeChildren = false next() })) } @@ -354,6 +363,14 @@ var flatNameFromTree = require('./install/flatten-tree.js').flatNameFromTree Installer.prototype.normalizeCurrentTree = function (cb) { this.currentTree.isTop = true normalizeTree(this.currentTree) + // If the user didn't have a package.json then fill in deps with what was on disk + if (this.currentTree.error) { + for (let child of this.currentTree.children) { + if (!child.fakeChild && isExtraneous(child)) { + this.currentTree.package.dependencies[child.package.name] = computeVersionSpec(this.currentTree, child) + } + } + } return cb() function normalizeTree (tree) { @@ -386,9 +403,9 @@ Installer.prototype.loadIdealTree = function (cb) { Installer.prototype.pruneIdealTree = function (cb) { var toPrune = this.idealTree.children - .filter((n) => !n.fromShrinkwrap && isExtraneous(n)) + .filter((n) => !n.fakeChild && isExtraneous(n)) .map((n) => ({name: moduleName(n)})) - return removeDeps(toPrune, this.idealTree, null, log.newGroup('pruneDeps'), cb) + return removeExtraneous(toPrune, this.idealTree, cb) } Installer.prototype.loadAllDepsIntoIdealTree = function (cb) { @@ -400,14 +417,14 @@ Installer.prototype.loadAllDepsIntoIdealTree = function (cb) { var installNewModules = !!this.args.length var steps = [] + const depsToPreload = Object.assign({}, + this.dev ? this.idealTree.package.devDependencies : {}, + this.prod ? this.idealTree.package.dependencies : {} + ) if (installNewModules) { steps.push([validateArgs, this.idealTree, this.args]) steps.push([loadRequestedDeps, this.args, this.idealTree, saveDeps, cg.newGroup('loadRequestedDeps')]) } else { - const depsToPreload = Object.assign({}, - this.dev ? this.idealTree.package.devDependencies : {}, - this.prod ? this.idealTree.package.dependencies : {} - ) if (this.prod || this.dev) { steps.push( [prefetchDeps, this.idealTree, depsToPreload, cg.newGroup('prefetchDeps')]) @@ -549,13 +566,16 @@ Installer.prototype.runPreinstallTopLevelLifecycles = function (cb) { if (this.failing) return cb() if (!this.topLevelLifecycles) return cb() log.silly('install', 'runPreinstallTopLevelLifecycles') - var steps = [] - var trackLifecycle = this.progress.runTopLevelLifecycles - steps.push( - [doOneAction, 'preinstall', this.idealTree.path, this.idealTree, trackLifecycle.newGroup('preinstall:.')] - ) - chain(steps, cb) + readPackageJson(path.join(this.where, 'package.json'), log, false, (err, data) => { + if (err) return cb() + this.currentTree = createNode({ + isTop: true, + package: data, + path: this.where + }) + doOneAction('preinstall', this.where, this.currentTree, log.newGroup('preinstall:.'), cb) + }) } Installer.prototype.runPostinstallTopLevelLifecycles = function (cb) { @@ -581,7 +601,7 @@ Installer.prototype.saveToDependencies = function (cb) { validate('F', arguments) if (this.failing) return cb() log.silly('install', 'saveToDependencies') - saveRequested(this.args, this.idealTree, cb) + saveRequested(this.idealTree, cb) } Installer.prototype.readGlobalPackageData = function (cb) { @@ -655,7 +675,7 @@ function isLink (child) { Installer.prototype.loadShrinkwrap = function (cb) { validate('F', arguments) log.silly('install', 'loadShrinkwrap') - readShrinkwrap.andInflate(this.idealTree, cb) + readShrinkwrap.andInflate(this.idealTree, {fakeChildren: this.fakeChildren}, cb) } Installer.prototype.getInstalledModules = function () { @@ -693,21 +713,22 @@ Installer.prototype.printInstalled = function (cb) { validate('F', arguments) if (this.failing) return cb() log.silly('install', 'printInstalled') + const diffs = this.differences.concat((this.idealTree.removedChildren || []).map((r) => ['remove', r])) if (npm.config.get('json')) { - return this.printInstalledForJSON(cb) + return this.printInstalledForJSON(diffs, cb) } else if (npm.config.get('parseable')) { - return this.printInstalledForParseable(cb) + return this.printInstalledForParseable(diffs, cb) } else { - return this.printInstalledForHuman(cb) + return this.printInstalledForHuman(diffs, cb) } } -Installer.prototype.printInstalledForHuman = function (cb) { +Installer.prototype.printInstalledForHuman = function (diffs, cb) { var removed = 0 var added = 0 var updated = 0 var moved = 0 - this.differences.forEach(function (action) { + diffs.forEach(function (action) { var mutation = action[0] if (mutation === 'remove') { ++removed @@ -743,7 +764,7 @@ Installer.prototype.printInstalledForHuman = function (cb) { } } -Installer.prototype.printInstalledForJSON = function (cb) { +Installer.prototype.printInstalledForJSON = function (diffs, cb) { var result = { added: [], removed: [], @@ -764,7 +785,7 @@ Installer.prototype.printInstalledForJSON = function (cb) { } result.warnings.push(message) }) - this.differences.forEach(function (action) { + diffs.forEach(function (action) { var mutation = action[0] var child = action[1] var record = recordAction(action) @@ -805,9 +826,9 @@ Installer.prototype.printInstalledForJSON = function (cb) { } } -Installer.prototype.printInstalledForParseable = function (cb) { +Installer.prototype.printInstalledForParseable = function (diffs, cb) { var self = this - this.differences.forEach(function (action) { + diffs.forEach(function (action) { var mutation = action[0] var child = action[1] if (mutation === 'move') { @@ -819,7 +840,7 @@ Installer.prototype.printInstalledForParseable = function (cb) { mutation + '\t' + moduleName(child) + '\t' + (child.package ? child.package.version : '') + '\t' + - path.relative(self.where, child.path) + '\t' + + (child.path ? path.relative(self.where, child.path) : '') + '\t' + (previousVersion || '') + '\t' + (previousPath || '')) }) diff --git a/deps/npm/lib/install/action/extract.js b/deps/npm/lib/install/action/extract.js index 7839177850..437d7e57f7 100644 --- a/deps/npm/lib/install/action/extract.js +++ b/deps/npm/lib/install/action/extract.js @@ -10,22 +10,19 @@ const moduleName = require('../../utils/module-name.js') const moduleStagingPath = require('../module-staging-path.js') const move = BB.promisify(require('../../utils/move.js')) const npa = require('npm-package-arg') -const npm = require('../../npm.js') const packageId = require('../../utils/package-id.js') const pacote = require('pacote') -const pacoteOpts = require('../../config/pacote') +let pacoteOpts const path = require('path') module.exports = extract function extract (staging, pkg, log) { log.silly('extract', packageId(pkg)) - const up = npm.config.get('unsafe-perm') - const user = up ? null : npm.config.get('user') - const group = up ? null : npm.config.get('group') const extractTo = moduleStagingPath(staging, pkg) + if (!pacoteOpts) { + pacoteOpts = require('../../config/pacote') + } const opts = pacoteOpts({ - uid: user, - gid: group, integrity: pkg.package._integrity }) return pacote.extract( diff --git a/deps/npm/lib/install/action/finalize.js b/deps/npm/lib/install/action/finalize.js index 1e86475710..ba38e602f8 100644 --- a/deps/npm/lib/install/action/finalize.js +++ b/deps/npm/lib/install/action/finalize.js @@ -23,10 +23,11 @@ module.exports = function (staging, pkg, log) { const requested = pkg.package._requested || getRequested(pkg) if (requested.type === 'directory') { + const relative = path.relative(path.dirname(pkg.path), pkg.realpath) return makeParentPath(pkg.path) - .then(() => symlink(pkg.realpath, pkg.path, 'junction')) + .then(() => symlink(relative, pkg.path, 'junction')) .catch((ex) => { - return rimraf(pkg.path).then(() => symlink(pkg.realpath, pkg.path, 'junction')) + return rimraf(pkg.path).then(() => symlink(relative, pkg.path, 'junction')) }) } else { return makeParentPath(pkg.realpath) diff --git a/deps/npm/lib/install/action/preinstall.js b/deps/npm/lib/install/action/preinstall.js index a6f85b0a5a..a16082ef73 100644 --- a/deps/npm/lib/install/action/preinstall.js +++ b/deps/npm/lib/install/action/preinstall.js @@ -1,9 +1,8 @@ 'use strict' var lifecycle = require('../../utils/lifecycle.js') var packageId = require('../../utils/package-id.js') -var moduleStagingPath = require('../module-staging-path.js') module.exports = function (staging, pkg, log, next) { log.silly('preinstall', packageId(pkg)) - lifecycle(pkg.package, 'preinstall', moduleStagingPath(staging, pkg), false, false, next) + lifecycle(pkg.package, 'preinstall', pkg.path, false, false, next) } diff --git a/deps/npm/lib/install/action/refresh-package-json.js b/deps/npm/lib/install/action/refresh-package-json.js index 337be0caf2..6910803451 100644 --- a/deps/npm/lib/install/action/refresh-package-json.js +++ b/deps/npm/lib/install/action/refresh-package-json.js @@ -10,13 +10,13 @@ module.exports = function (staging, pkg, log) { return readJson(path.join(pkg.path, 'package.json'), false).then((metadata) => { Object.keys(pkg.package).forEach(function (key) { - if (key !== '_injectedFromShrinkwrap' && !isEmpty(pkg.package[key])) { + if (!isEmpty(pkg.package[key])) { metadata[key] = pkg.package[key] - if (key === '_resolved' && metadata[key] == null && pkg.package._injectedFromShrinkwrap) { - metadata[key] = pkg.package._injectedFromShrinkwrap.resolved - } } }) + if (metadata._resolved == null && pkg.fakeChild) { + metadata._resolved = pkg.fakeChild.resolved + } // These two sneak in and it's awful delete metadata.readme delete metadata.readmeFilename diff --git a/deps/npm/lib/install/deps.js b/deps/npm/lib/install/deps.js index 3f3433535f..c0fe905d4b 100644 --- a/deps/npm/lib/install/deps.js +++ b/deps/npm/lib/install/deps.js @@ -183,7 +183,9 @@ function packageRelativePath (tree) { if (!tree) return '' var requested = tree.package._requested || {} var isLocal = requested.type === 'directory' || requested.type === 'file' - return isLocal ? requested.fetchSpec : tree.path + return isLocal ? requested.fetchSpec + : (tree.isLink || tree.isInLink) && !preserveSymlinks() ? tree.realpath + : tree.path } function matchingDep (tree, name) { @@ -227,14 +229,24 @@ exports.loadRequestedDeps = function (args, tree, saveToDependencies, log, next) } var childName = moduleName(child) child.saveSpec = computeVersionSpec(tree, child) - if (saveToDependencies) { - tree.package[getSaveType(tree, child)][childName] = child.saveSpec - } - if (getSaveType(tree, child) === 'optionalDependencies') { - tree.package.dependencies[childName] = child.saveSpec - } child.userRequired = true - child.save = saveToDependencies + child.save = getSaveType(tree, child) + const types = ['dependencies', 'devDependencies', 'optionalDependencies'] + if (child.save) { + tree.package[child.save][childName] = child.saveSpec + // Astute readers might notice that this exact same code exists in + // save.js under a different guise. That code is responsible for deps + // being removed from the final written `package.json`. The removal in + // this function is specifically to prevent "installed as both X and Y" + // warnings when moving an existing dep between different dep fields. + // + // Or, try it by removing this loop, and do `npm i -P x && npm i -D x` + for (let saveType of types) { + if (child.save !== saveType) { + delete tree.package[saveType][childName] + } + } + } // For things the user asked to install, that aren't a dependency (or // won't be when we're done), flag it as "depending" on the user @@ -246,9 +258,17 @@ exports.loadRequestedDeps = function (args, tree, saveToDependencies, log, next) }, andForEachChild(loadDeps, andFinishTracker(log, next))) } +module.exports.computeVersionSpec = computeVersionSpec function computeVersionSpec (tree, child) { validate('OO', arguments) - var requested = child.package._requested + var requested + if (child.package._requested) { + requested = child.package._requested + } else if (child.package._from) { + requested = npa(child.package._from) + } else { + requested = npa.resolve(child.package.name, child.package.version) + } if (requested.registry) { var version = child.package.version var rangeDescriptor = '' @@ -275,26 +295,38 @@ function noModuleNameMatches (name) { // while this implementation does not require async calling, doing so // gives this a consistent interface with loadDeps et al -exports.removeDeps = function (args, tree, saveToDependencies, log, next) { - validate('AOOF', [args, tree, log, next]) - args.forEach(function (pkg) { +exports.removeDeps = function (args, tree, saveToDependencies, next) { + validate('AOSF|AOZF', [args, tree, saveToDependencies, next]) + for (let pkg of args) { var pkgName = moduleName(pkg) var toRemove = tree.children.filter(moduleNameMatches(pkgName)) var pkgToRemove = toRemove[0] || createChild({package: {name: pkgName}}) - if (tree.isTop) { - if (saveToDependencies) { - pkgToRemove.save = getSaveType(tree, pkg) - delete tree.package[pkgToRemove.save][pkgName] - if (pkgToRemove.save === 'optionalDependencies') { - delete tree.package.dependencies[pkgName] - } - replaceModuleByPath(tree, 'removed', pkgToRemove) + var saveType = getSaveType(tree, pkg) || 'dependencies' + if (tree.isTop && saveToDependencies) { + pkgToRemove.save = saveType + } + if (tree.package[saveType][pkgName]) { + delete tree.package[saveType][pkgName] + if (saveType === 'optionalDependencies' && tree.package.dependencies[pkgName]) { + delete tree.package.dependencies[pkgName] } - pkgToRemove.requiredBy = pkgToRemove.requiredBy.filter((parent) => parent !== tree) } - if (pkgToRemove.requiredBy.length === 0) removeObsoleteDep(pkgToRemove) - }) - log.finish() + replaceModuleByPath(tree, 'removedChildren', pkgToRemove) + for (let parent of pkgToRemove.requiredBy) { + parent.requires = parent.requires.filter((child) => child !== pkgToRemove) + } + pkgToRemove.requiredBy = pkgToRemove.requiredBy.filter((parent) => parent !== tree) + } + next() +} +exports.removeExtraneous = function (args, tree, next) { + for (let pkg of args) { + var pkgName = moduleName(pkg) + var toRemove = tree.children.filter(moduleNameMatches(pkgName)) + if (toRemove.length) { + removeObsoleteDep(toRemove[0]) + } + } next() } @@ -639,6 +671,13 @@ var findRequirement = exports.findRequirement = function (tree, name, requested, return findRequirement(tree.parent, name, requested, requestor) } +function preserveSymlinks () { + if (!('NODE_PRESERVE_SYMLINKS' in process.env)) return false + const value = process.env.NODE_PRESERVE_SYMLINKS + if (value == null || value === '' || value === 'false' || value === 'no' || value === '0') return false + return true +} + // Find the highest level in the tree that we can install this module in. // If the module isn't installed above us yet, that'd be the very top. // If it is, then it's the level below where its installed. @@ -670,7 +709,7 @@ var earliestInstallable = exports.earliestInstallable = function (requiredBy, tr var devDeps = tree.package.devDependencies || {} if (tree.isTop && devDeps[pkg.name]) { - var requested = npa.resolve(pkg.name, devDeps[pkg.name], tree.path) + var requested = childDependencySpecifier(tree, pkg.name, devDeps[pkg.name]) if (!doesChildVersionMatch({package: pkg}, requested, tree)) { return null } @@ -684,7 +723,7 @@ var earliestInstallable = exports.earliestInstallable = function (requiredBy, tr if (npm.config.get('global-style') && tree.parent.isTop) return tree if (npm.config.get('legacy-bundling')) return tree - if (!process.env.NODE_PRESERVE_SYMLINKS && /^[.][.][\\/]/.test(path.relative(tree.parent.realpath, tree.realpath))) return tree + if (!preserveSymlinks() && /^[.][.][\\/]/.test(path.relative(tree.parent.realpath, tree.realpath))) return tree return (earliestInstallable(requiredBy, tree.parent, pkg) || tree) } diff --git a/deps/npm/lib/install/inflate-shrinkwrap.js b/deps/npm/lib/install/inflate-shrinkwrap.js index 9878b0f19a..8cb75626bb 100644 --- a/deps/npm/lib/install/inflate-shrinkwrap.js +++ b/deps/npm/lib/install/inflate-shrinkwrap.js @@ -2,10 +2,10 @@ const BB = require('bluebird') -const addBundled = BB.promisify(require('../fetch-package-metadata.js').addBundled) +let addBundled const childPath = require('../utils/child-path.js') const createChild = require('./node.js').create -const fetchPackageMetadata = BB.promisify(require('../fetch-package-metadata.js')) +let fetchPackageMetadata const inflateBundled = require('./inflate-bundled.js') const moduleName = require('../utils/module-name.js') const normalizePackageData = require('normalize-package-data') @@ -14,17 +14,28 @@ const realizeShrinkwrapSpecifier = require('./realize-shrinkwrap-specifier.js') const validate = require('aproba') const path = require('path') -module.exports = function (tree, swdeps, finishInflating) { - if (!npm.config.get('shrinkwrap')) return finishInflating() +module.exports = function (tree, swdeps, opts, finishInflating) { + if (!fetchPackageMetadata) { + fetchPackageMetadata = BB.promisify(require('../fetch-package-metadata.js')) + addBundled = BB.promisify(fetchPackageMetadata.addBundled) + } + if (!npm.config.get('shrinkwrap') || !npm.config.get('package-lock')) { + return finishInflating() + } + if (arguments.length === 3) { + finishInflating = opts + opts = {} + } tree.loaded = true - return inflateShrinkwrap(tree.path, tree, swdeps).then( + return inflateShrinkwrap(tree.path, tree, swdeps, opts).then( () => finishInflating(), finishInflating ) } -function inflateShrinkwrap (topPath, tree, swdeps) { - validate('SOO', arguments) +function inflateShrinkwrap (topPath, tree, swdeps, opts) { + validate('SOO|SOOO', arguments) + if (!opts) opts = {} const onDisk = {} tree.children.forEach((child) => { onDisk[moduleName(child)] = child @@ -43,7 +54,7 @@ function inflateShrinkwrap (topPath, tree, swdeps) { const dependencies = sw.dependencies || {} const requested = realizeShrinkwrapSpecifier(name, sw, topPath) return inflatableChild( - onDisk[name], name, topPath, tree, sw, requested + onDisk[name], name, topPath, tree, sw, requested, opts ).then((child) => { return inflateShrinkwrap(topPath, child, dependencies) }) @@ -58,8 +69,8 @@ function normalizePackageDataNoErrors (pkg) { } } -function inflatableChild (onDiskChild, name, topPath, tree, sw, requested) { - validate('OSSOOO|ZSSOOO', arguments) +function inflatableChild (onDiskChild, name, topPath, tree, sw, requested, opts) { + validate('OSSOOOO|ZSSOOOO', arguments) if (onDiskChild && childIsEquivalent(sw, requested, onDiskChild)) { // The version on disk matches the shrinkwrap entry. if (!onDiskChild.fromShrinkwrap) onDiskChild.fromShrinkwrap = true @@ -77,7 +88,7 @@ function inflatableChild (onDiskChild, name, topPath, tree, sw, requested) { normalizePackageDataNoErrors(onDiskChild.package) tree.children.push(onDiskChild) return BB.resolve(onDiskChild) - } else if (sw.version && sw.integrity) { + } else if (opts.fakeChildren !== false && sw.version && sw.integrity) { // The shrinkwrap entry has an integrity field. We can fake a pkg to get // the installer to do a content-address fetch from the cache, if possible. return BB.resolve(makeFakeChild(name, topPath, tree, sw, requested)) @@ -101,8 +112,7 @@ function makeFakeChild (name, topPath, tree, sw, requested) { _from: from, _spec: requested.rawSpec, _where: topPath, - _args: [[requested.toString(), topPath]], - _injectedFromShrinkwrap: sw + _args: [[requested.toString(), topPath]] } let bundleAdded = BB.resolve() if (Object.keys(sw.dependencies || {}).some((d) => { @@ -118,6 +128,7 @@ function makeFakeChild (name, topPath, tree, sw, requested) { parent: tree, children: pkg._bundled || [], fromShrinkwrap: true, + fakeChild: sw, fromBundle: sw.bundled ? tree.fromBundle || tree : null, path: childPath(tree.path, pkg), realpath: childPath(tree.realpath, pkg), diff --git a/deps/npm/lib/install/is-extraneous.js b/deps/npm/lib/install/is-extraneous.js index f0d599965f..a6477c2374 100644 --- a/deps/npm/lib/install/is-extraneous.js +++ b/deps/npm/lib/install/is-extraneous.js @@ -6,14 +6,6 @@ function isExtraneous (tree) { return result } -function isNotRequired (tree) { - return tree.requiredBy && tree.requiredBy.length === 0 -} - -function parentHasNoPjson (tree) { - return tree.parent && tree.parent.isTop && tree.parent.error -} - function topHasNoPjson (tree) { var top = tree while (!top.isTop) top = top.parent @@ -24,8 +16,6 @@ function isNotExtraneous (tree, isCycle) { if (!isCycle) isCycle = {} if (tree.isTop || tree.userRequired) { return true - } else if (isNotRequired(tree) && parentHasNoPjson(tree)) { - return true } else if (isCycle[tree.path]) { return topHasNoPjson(tree) } else { diff --git a/deps/npm/lib/install/mutate-into-logical-tree.js b/deps/npm/lib/install/mutate-into-logical-tree.js index 491f20913c..018745cc5f 100644 --- a/deps/npm/lib/install/mutate-into-logical-tree.js +++ b/deps/npm/lib/install/mutate-into-logical-tree.js @@ -7,6 +7,7 @@ var isExtraneous = require('./is-extraneous.js') var validateAllPeerDeps = require('./deps.js').validateAllPeerDeps var packageId = require('../utils/package-id.js') var moduleName = require('../utils/module-name.js') +var npm = require('../npm.js') // Return true if tree is a part of a cycle that: // A) Never connects to the top of the tree @@ -128,7 +129,7 @@ function translateTree_ (tree, seen) { pkg.path = tree.path pkg.error = tree.error - pkg.extraneous = isExtraneous(tree) + pkg.extraneous = !tree.isTop && (!tree.parent.isTop || !tree.parent.error) && !npm.config.get('global') && isExtraneous(tree) if (tree.target && tree.parent && !tree.parent.target) pkg.link = tree.realpath return pkg } diff --git a/deps/npm/lib/install/read-shrinkwrap.js b/deps/npm/lib/install/read-shrinkwrap.js index 913c303482..de398fb40b 100644 --- a/deps/npm/lib/install/read-shrinkwrap.js +++ b/deps/npm/lib/install/read-shrinkwrap.js @@ -9,7 +9,6 @@ const log = require('npmlog') const parseJSON = require('../utils/parse-json.js') const path = require('path') const PKGLOCK_VERSION = require('../npm.js').lockfileVersion -const pkgSri = require('../utils/package-integrity.js') const readFileAsync = BB.promisify(fs.readFile) @@ -34,14 +33,6 @@ function readShrinkwrap (child, next) { throw ex } } - if ( - pkgJson && - parsed && - parsed.packageIntegrity && - !pkgSri.check(JSON.parse(pkgJson), parsed.packageIntegrity) - ) { - log.info('read-shrinkwrap', `${name} will be updated because package.json does not match what it was generated against.`) - } if (parsed && parsed.lockfileVersion !== PKGLOCK_VERSION) { log.warn('read-shrinkwrap', `This version of npm is compatible with lockfileVersion@${PKGLOCK_VERSION}, but ${name} was generated for lockfileVersion@${parsed.lockfileVersion || 0}. I'll try to do my best with it!`) } @@ -56,10 +47,14 @@ function maybeReadFile (name, child) { ).catch({code: 'ENOENT'}, () => null) } -module.exports.andInflate = function (child, next) { +module.exports.andInflate = function (child, opts, next) { + if (arguments.length === 2) { + next = opts + opts = {} + } readShrinkwrap(child, iferr(next, function () { if (child.package._shrinkwrap) { - return inflateShrinkwrap(child, child.package._shrinkwrap.dependencies || {}, next) + return inflateShrinkwrap(child, child.package._shrinkwrap.dependencies || {}, opts, next) } else { return next() } diff --git a/deps/npm/lib/install/save.js b/deps/npm/lib/install/save.js index 5d5f4e7f7a..56a4a892ad 100644 --- a/deps/npm/lib/install/save.js +++ b/deps/npm/lib/install/save.js @@ -19,9 +19,9 @@ const writeFileAtomic = require('write-file-atomic') // if the -S|--save option is specified, then write installed packages // as dependencies to a package.json file. -exports.saveRequested = function (args, tree, andReturn) { - validate('AOF', arguments) - savePackageJson(args, tree, andWarnErrors(andSaveShrinkwrap(tree, andReturn))) +exports.saveRequested = function (tree, andReturn) { + validate('OF', arguments) + savePackageJson(tree, andWarnErrors(andSaveShrinkwrap(tree, andReturn))) } function andSaveShrinkwrap (tree, andReturn) { @@ -43,13 +43,14 @@ function andWarnErrors (cb) { function saveShrinkwrap (tree, next) { validate('OF', arguments) + if (!npm.config.get('shrinkwrap') || !npm.config.get('package-lock')) { + next() + } createShrinkwrap(tree, {silent: false}, next) } -function savePackageJson (args, tree, next) { - validate('AOF', arguments) - if (!args || !args.length) { return next() } - +function savePackageJson (tree, next) { + validate('OF', arguments) var saveBundle = npm.config.get('save-bundle') // each item in the tree is a top-level thing that should be saved @@ -84,8 +85,23 @@ function savePackageJson (args, tree, next) { }) log.verbose('saving', toSave) + const types = ['dependencies', 'devDependencies', 'optionalDependencies'] toSave.forEach(function (pkg) { tree.package[pkg.save][pkg.name] = pkg.spec + const movedFrom = [] + for (let saveType of types) { + if ( + pkg.save !== saveType && + tree.package[saveType] && + tree.package[saveType][pkg.name] + ) { + movedFrom.push(saveType) + delete tree.package[saveType][pkg.name] + } + } + if (movedFrom.length) { + log.notice('save', `${pkg.name} is being moved from ${movedFrom.join(' and ')} to ${pkg.save}`) + } if (saveBundle) { var ii = bundle.indexOf(pkg.name) if (ii === -1) bundle.push(pkg.name) @@ -116,6 +132,7 @@ exports.getSaveType = function (tree, arg) { var globalInstall = npm.config.get('global') var noSaveFlags = !npm.config.get('save') && !npm.config.get('save-dev') && + !npm.config.get('save-prod') && !npm.config.get('save-optional') if (globalInstall || noSaveFlags) return null @@ -123,6 +140,8 @@ exports.getSaveType = function (tree, arg) { return 'optionalDependencies' } else if (npm.config.get('save-dev')) { return 'devDependencies' + } else if (npm.config.get('save-prod')) { + return 'dependencies' } else { if (arg) { var name = moduleName(arg) @@ -152,8 +171,8 @@ function getThingsToSave (tree) { function getThingsToRemove (tree) { validate('O', arguments) - if (!tree.removed) return [] - var toRemove = tree.removed.map(function (child) { + if (!tree.removedChildren) return [] + var toRemove = tree.removedChildren.map(function (child) { return { name: moduleName(child), save: child.save diff --git a/deps/npm/lib/pack.js b/deps/npm/lib/pack.js index 68c6030ee8..075a672d66 100644 --- a/deps/npm/lib/pack.js +++ b/deps/npm/lib/pack.js @@ -8,16 +8,19 @@ const BB = require('bluebird') const cache = require('./cache') const cacache = require('cacache') +const cp = require('child_process') const deprCheck = require('./utils/depr-check') -const fpm = BB.promisify(require('./fetch-package-metadata')) +const fpm = require('./fetch-package-metadata') const fs = require('graceful-fs') const install = require('./install') const lifecycle = BB.promisify(require('./utils/lifecycle')) +const log = require('npmlog') const move = require('move-concurrently') const npm = require('./npm') const output = require('./utils/output') const pacoteOpts = require('./config/pacote') const path = require('path') +const PassThrough = require('stream').PassThrough const pathIsInside = require('path-is-inside') const pipe = BB.promisify(require('mississippi').pipe) const prepublishWarning = require('./utils/warn-deprecated')('prepublish-on-install') @@ -53,7 +56,7 @@ function pack (args, silent, cb) { // add to cache, then cp to the cwd function pack_ (pkg, dir) { - return fpm(pkg, dir).then((mani) => { + return BB.fromNode((cb) => fpm(pkg, dir, cb)).then((mani) => { let name = mani.name[0] === '@' // scoped packages get special treatment ? mani.name.substr(1).replace(/\//g, '-') @@ -108,10 +111,111 @@ function prepareDirectory (dir) { module.exports.packDirectory = packDirectory function packDirectory (mani, dir, target) { deprCheck(mani) - return cacache.tmp.withTmp(npm.tmp, {tmpPrefix: 'packing'}, (tmp) => { - const tmpTarget = path.join(tmp, path.basename(target)) - return tarPack(tmpTarget, dir, mani).then(() => { - return move(tmpTarget, target, {Promise: BB, fs}) - }).then(() => target) + return readJson(path.join(dir, 'package.json')).then((pkg) => { + return lifecycle(pkg, 'prepack', dir) + }).then(() => { + return readJson(path.join(dir, 'package.json')) + }).then((pkg) => { + return cacache.tmp.withTmp(npm.tmp, {tmpPrefix: 'packing'}, (tmp) => { + const tmpTarget = path.join(tmp, path.basename(target)) + return tarPack(tmpTarget, dir, pkg).then(() => { + return move(tmpTarget, target, {Promise: BB, fs}) + }).then(() => { + return lifecycle(pkg, 'postpack', dir) + }).then(() => target) + }) }) } + +const PASSTHROUGH_OPTS = [ + 'always-auth', + 'auth-type', + 'ca', + 'cafile', + 'cert', + 'git', + 'local-address', + 'maxsockets', + 'offline', + 'prefer-offline', + 'prefer-online', + 'proxy', + 'https-proxy', + 'registry', + 'send-metrics', + 'sso-poll-frequency', + 'sso-type', + 'strict-ssl' +] + +module.exports.packGitDep = packGitDep +function packGitDep (manifest, dir) { + const stream = new PassThrough() + readJson(path.join(dir, 'package.json')).then((pkg) => { + if (pkg.scripts && pkg.scripts.prepare) { + log.verbose('prepareGitDep', `${manifest._spec}: installing devDeps and running prepare script.`) + const cliArgs = PASSTHROUGH_OPTS.reduce((acc, opt) => { + if (npm.config.get(opt, 'cli') != null) { + acc.push(`--${opt}=${npm.config.get(opt)}`) + } + return acc + }, []) + const child = cp.spawn(process.env.NODE || process.execPath, [ + require.main.filename, + 'install', + '--ignore-prepublish', + '--no-progress', + '--no-save' + ].concat(cliArgs), { + cwd: dir, + env: process.env + }) + let errData = [] + let errDataLen = 0 + let outData = [] + let outDataLen = 0 + child.stdout.on('data', (data) => { + outData.push(data) + outDataLen += data.length + log.gauge.pulse('preparing git package') + }) + child.stderr.on('data', (data) => { + errData.push(data) + errDataLen += data.length + log.gauge.pulse('preparing git package') + }) + return BB.fromNode((cb) => { + child.on('error', cb) + child.on('exit', (code, signal) => { + if (code > 0) { + const err = new Error(`${signal}: npm exited with code ${code} while attempting to build ${manifest._requested}. Clone the repository manually and run 'npm install' in it for more information.`) + err.code = code + err.signal = signal + cb(err) + } else { + cb() + } + }) + }).then(() => { + if (outDataLen > 0) log.silly('prepareGitDep', '1>', Buffer.concat(outData, outDataLen).toString()) + if (errDataLen > 0) log.silly('prepareGitDep', '2>', Buffer.concat(errData, errDataLen).toString()) + }, (err) => { + if (outDataLen > 0) log.error('prepareGitDep', '1>', Buffer.concat(outData, outDataLen).toString()) + if (errDataLen > 0) log.error('prepareGitDep', '2>', Buffer.concat(errData, errDataLen).toString()) + throw err + }) + } + }).then(() => { + return readJson(path.join(dir, 'package.json')) + }).then((pkg) => { + return cacache.tmp.withTmp(npm.tmp, { + tmpPrefix: 'pacote-packing' + }, (tmp) => { + const tmpTar = path.join(tmp, 'package.tgz') + return packDirectory(manifest, dir, tmpTar).then(() => { + return pipe(fs.createReadStream(tmpTar), stream) + }) + }) + }).catch((err) => stream.emit('error', err)) + return stream +} diff --git a/deps/npm/lib/prune.js b/deps/npm/lib/prune.js index 39d1c8ffb7..6027745383 100644 --- a/deps/npm/lib/prune.js +++ b/deps/npm/lib/prune.js @@ -26,6 +26,7 @@ function prune (args, cb) { function Pruner (where, dryrun, args) { Installer.call(this, where, dryrun, args) + this.fakeChildren = false } util.inherits(Pruner, Installer) @@ -59,7 +60,7 @@ Pruner.prototype.loadAllDepsIntoIdealTree = function (cb) { var toPrune = this.idealTree.children.filter(shouldPrune).map(getModuleName).filter(matchesArg).map(nameObj) steps.push( - [removeDeps, toPrune, this.idealTree, null, cg.newGroup('removeDeps')], + [removeDeps, toPrune, this.idealTree, null], [loadExtraneous, this.idealTree, cg.newGroup('loadExtraneous')]) chain(steps, cb) } diff --git a/deps/npm/lib/publish.js b/deps/npm/lib/publish.js index 49c98fb8e6..5d99bfd089 100644 --- a/deps/npm/lib/publish.js +++ b/deps/npm/lib/publish.js @@ -76,15 +76,23 @@ function publish_ (arg) { } function publishFromDirectory (arg) { - return pack.prepareDirectory(arg).tap((pkg) => { + // All this readJson is because any of the given scripts might modify the + // package.json in question, so we need to refresh after every step. + return pack.prepareDirectory(arg).then(() => { + return readJson(path.join(arg, 'package.json')) + }).then((pkg) => { return lifecycle(pkg, 'prepublishOnly', arg) - }).tap((pkg) => { + }).then(() => { + return readJson(path.join(arg, 'package.json')) + }).then((pkg) => { return cacache.tmp.withTmp(npm.tmp, {tmpPrefix: 'fromDir'}, (tmpDir) => { const target = path.join(tmpDir, 'package.tgz') return pack.packDirectory(pkg, arg, target).then(() => { return upload(arg, pkg, false, target) }) }) + }).then(() => { + return readJson(path.join(arg, 'package.json')) }).tap((pkg) => { return lifecycle(pkg, 'publish', arg) }).tap((pkg) => { diff --git a/deps/npm/lib/shrinkwrap.js b/deps/npm/lib/shrinkwrap.js index 75fe0dd95d..428c12bba7 100644 --- a/deps/npm/lib/shrinkwrap.js +++ b/deps/npm/lib/shrinkwrap.js @@ -9,7 +9,6 @@ const getRequested = require('./install/get-requested.js') const id = require('./install/deps.js') const iferr = require('iferr') const isDevDep = require('./install/is-dev-dep.js') -const isExtraneous = require('./install/is-extraneous.js') const isOptDep = require('./install/is-opt-dep.js') const isProdDep = require('./install/is-prod-dep.js') const lifecycle = require('./utils/lifecycle.js') @@ -17,9 +16,7 @@ const log = require('npmlog') const moduleName = require('./utils/module-name.js') const move = require('move-concurrently') const npm = require('./npm.js') -const packageId = require('./utils/package-id.js') const path = require('path') -const pkgSri = require('./utils/package-integrity.js') const readPackageTree = BB.promisify(require('read-package-tree')) const ssri = require('ssri') const validate = require('aproba') @@ -92,33 +89,21 @@ function treeToShrinkwrap (tree) { var pkginfo = {} if (tree.package.name) pkginfo.name = tree.package.name if (tree.package.version) pkginfo.version = tree.package.version - var problems = [] if (tree.children.length) { - shrinkwrapDeps(problems, pkginfo.dependencies = {}, tree, tree) + shrinkwrapDeps(pkginfo.dependencies = {}, tree, tree) } - if (problems.length) pkginfo.problems = problems return pkginfo } -function shrinkwrapDeps (problems, deps, top, tree, seen) { - validate('AOOO', [problems, deps, top, tree]) +function shrinkwrapDeps (deps, top, tree, seen) { + validate('OOO', [deps, top, tree]) if (!seen) seen = {} if (seen[tree.path]) return seen[tree.path] = true - Object.keys(tree.missingDeps).forEach(function (name) { - var invalid = tree.children.filter(function (dep) { return moduleName(dep) === name })[0] - if (invalid) { - problems.push('invalid: have ' + invalid.package._id + ' (expected: ' + tree.missingDeps[name] + ') ' + invalid.path) - } else if (!tree.package.optionalDependencies || !tree.package.optionalDependencies[name]) { - var topname = packageId(tree) - problems.push('missing: ' + name + '@' + tree.package.dependencies[name] + - (topname ? ', required by ' + topname : '')) - } - }) tree.children.sort(function (aa, bb) { return moduleName(aa).localeCompare(moduleName(bb)) }).forEach(function (child) { var childIsOnlyDev = isOnlyDev(child) - if (child.package._injectedFromShrinkwrap) { - deps[moduleName(child)] = child.package._injectedFromShrinkwrap + if (child.fakeChild) { + deps[moduleName(child)] = child.fakeChild return } var pkginfo = deps[moduleName(child)] = {} @@ -148,16 +133,9 @@ function shrinkwrapDeps (problems, deps, top, tree, seen) { } if (childIsOnlyDev) pkginfo.dev = true if (isOptional(child)) pkginfo.optional = true - if (isExtraneous(child)) { - problems.push('extraneous: ' + child.package._id + ' ' + child.path) - } - id.validatePeerDeps(child, function (tree, pkgname, version) { - problems.push('peer invalid: ' + pkgname + '@' + version + - ', required by ' + child.package._id) - }) if (child.children.length) { pkginfo.dependencies = {} - shrinkwrapDeps(problems, pkginfo.dependencies, top, child, seen) + shrinkwrapDeps(pkginfo.dependencies, top, child, seen) } }) } @@ -205,7 +183,6 @@ function updateLockfileMetadata (pkginfo, pkgJson) { let metainfoWritten = false const metainfo = new Set([ 'lockfileVersion', - 'packageIntegrity', 'preserveSymlinks' ]) Object.keys(pkginfo).forEach((k) => { @@ -224,7 +201,6 @@ function updateLockfileMetadata (pkginfo, pkgJson) { } function writeMetainfo (pkginfo) { pkginfo.lockfileVersion = PKGLOCK_VERSION - pkginfo.packageIntegrity = pkgJson && pkgSri.hash(pkgJson) if (process.env.NODE_PRESERVE_SYMLINKS) { pkginfo.preserveSymlinks = process.env.NODE_PRESERVE_SYMLINKS } diff --git a/deps/npm/lib/uninstall.js b/deps/npm/lib/uninstall.js index 9e3d91ac40..c181fdc4e8 100644 --- a/deps/npm/lib/uninstall.js +++ b/deps/npm/lib/uninstall.js @@ -2,24 +2,21 @@ // remove a package. module.exports = uninstall -module.exports.Uninstaller = Uninstaller -var util = require('util') -var path = require('path') -var validate = require('aproba') -var chain = require('slide').chain -var readJson = require('read-package-json') -var npm = require('./npm.js') -var Installer = require('./install.js').Installer -var getSaveType = require('./install/save.js').getSaveType -var removeDeps = require('./install/deps.js').removeDeps -var loadExtraneous = require('./install/deps.js').loadExtraneous -var log = require('npmlog') -var usage = require('./utils/usage') +const path = require('path') +const validate = require('aproba') +const readJson = require('read-package-json') +const iferr = require('iferr') +const npm = require('./npm.js') +const Installer = require('./install.js').Installer +const getSaveType = require('./install/save.js').getSaveType +const removeDeps = require('./install/deps.js').removeDeps +const log = require('npmlog') +const usage = require('./utils/usage') uninstall.usage = usage( 'uninstall', - 'npm uninstall [<@scope>/]<pkg>[@<version>]... [--save|--save-dev|--save-optional]' + 'npm uninstall [<@scope>/]<pkg>[@<version>]... [--save-prod|--save-dev|--save-optional] [--no-save]' ) uninstall.completion = require('./utils/completion/installed-shallow.js') @@ -27,17 +24,18 @@ uninstall.completion = require('./utils/completion/installed-shallow.js') function uninstall (args, cb) { validate('AF', arguments) // the /path/to/node_modules/.. - var dryrun = !!npm.config.get('dry-run') + const dryrun = !!npm.config.get('dry-run') if (args.length === 1 && args[0] === '.') args = [] - args = args.filter(function (a) { - return path.resolve(a) !== where - }) - var where = npm.config.get('global') || !args.length + const where = npm.config.get('global') || !args.length ? path.resolve(npm.globalDir, '..') : npm.prefix + args = args.filter(function (a) { + return path.resolve(a) !== where + }) + if (args.length) { new Uninstaller(where, dryrun, args).run(cb) } else { @@ -50,29 +48,33 @@ function uninstall (args, cb) { } } -function Uninstaller (where, dryrun, args) { - validate('SBA', arguments) - Installer.call(this, where, dryrun, args) -} -util.inherits(Uninstaller, Installer) +class Uninstaller extends Installer { + constructor (where, dryrun, args) { + super(where, dryrun, args) + this.remove = [] + this.fakeChildren = false + } -Uninstaller.prototype.loadArgMetadata = function (next) { - this.args = this.args.map(function (arg) { return {name: arg} }) - next() -} + loadArgMetadata (next) { + this.args = this.args.map(function (arg) { return {name: arg} }) + next() + } -Uninstaller.prototype.loadAllDepsIntoIdealTree = function (cb) { - validate('F', arguments) - log.silly('uninstall', 'loadAllDepsIntoIdealTree') - var saveDeps = getSaveType() + loadAllDepsIntoIdealTree (cb) { + validate('F', arguments) + this.remove = this.args + this.args = [] + log.silly('uninstall', 'loadAllDepsIntoIdealTree') + const saveDeps = getSaveType() - var cg = this.progress['loadIdealTree:loadAllDepsIntoIdealTree'] - var steps = [] - steps.push( - [removeDeps, this.args, this.idealTree, saveDeps, cg.newGroup('removeDeps')], - [loadExtraneous, this.idealTree, cg.newGroup('loadExtraneous')]) - chain(steps, cb) + super.loadAllDepsIntoIdealTree(iferr(cb, () => { + removeDeps(this.remove, this.idealTree, saveDeps, cb) + })) + } + + // no top level lifecycles on rm + runPreinstallTopLevelLifecycles (cb) { cb() } + runPostinstallTopLevelLifecycles (cb) { cb() } } -Uninstaller.prototype.runPreinstallTopLevelLifecycles = function (cb) { cb() } -Uninstaller.prototype.runPostinstallTopLevelLifecycles = function (cb) { cb() } +module.exports.Uninstaller = Uninstaller diff --git a/deps/npm/lib/utils/error-handler.js b/deps/npm/lib/utils/error-handler.js index 8365f39d9d..5374d1feec 100644 --- a/deps/npm/lib/utils/error-handler.js +++ b/deps/npm/lib/utils/error-handler.js @@ -130,10 +130,12 @@ function exit (code, noLog) { itWorked = !code - // just emit a fake exit event. - // if we're really exiting, then let it exit on its own, so that - // in-process stuff can finish or clean up first. - if (!doExit) process.emit('exit', code) + // Exit directly -- nothing in the CLI should still be running in the + // background at this point, and this makes sure anything left dangling + // for whatever reason gets thrown away, instead of leaving the CLI open + // + // Commands that expect long-running actions should just delay `cb()` + process.exit(code) } } diff --git a/deps/npm/lib/utils/link.js b/deps/npm/lib/utils/link.js index 605b77402c..15331740a4 100644 --- a/deps/npm/lib/utils/link.js +++ b/deps/npm/lib/utils/link.js @@ -64,7 +64,7 @@ function link (from, to, gently, abs, cb) { [ [ensureFromIsNotSource, absTarget, to], [fs, 'stat', absTarget], - [rm, to, gently], + [rm, to, gently, path.dirname(to)], [mkdir, path.dirname(to)], [fs, 'symlink', target, to, 'junction'] ], diff --git a/deps/npm/lib/utils/package-integrity.js b/deps/npm/lib/utils/package-integrity.js deleted file mode 100644 index f9560d660e..0000000000 --- a/deps/npm/lib/utils/package-integrity.js +++ /dev/null @@ -1,21 +0,0 @@ -'use strict' - -// Utilities for generating and verifying the packageIntegrity field for -// package-lock -// -// Spec: https://github.com/npm/npm/pull/16441 - -const ssri = require('ssri') -const SSRI_OPTS = { - algorithms: ['sha512'] -} - -module.exports.check = check -function check (pkg, integrity) { - return ssri.checkData(JSON.stringify(pkg), integrity, SSRI_OPTS) -} - -module.exports.hash = hash -function hash (pkg) { - return ssri.fromData(JSON.stringify(pkg), SSRI_OPTS).toString() -} diff --git a/deps/npm/lib/utils/tar.js b/deps/npm/lib/utils/tar.js index 7ebc9d6875..ebbee025a2 100644 --- a/deps/npm/lib/utils/tar.js +++ b/deps/npm/lib/utils/tar.js @@ -3,8 +3,6 @@ // commands for packing and unpacking tarballs // this file is used by lib/cache.js -const BB = require('bluebird') - var fs = require('graceful-fs') var path = require('path') var writeFileAtomic = require('write-file-atomic') @@ -28,11 +26,6 @@ var moduleName = require('./module-name.js') var packageId = require('./package-id.js') var pulseTillDone = require('../utils/pulse-till-done.js') -const cacache = require('cacache') -const packAsync = BB.promisify(pack) -const PassThrough = require('stream').PassThrough -const pipe = BB.promisify(require('mississippi').pipe) - if (process.env.SUDO_UID && myUid === 0) { if (!isNaN(process.env.SUDO_UID)) myUid = +process.env.SUDO_UID if (!isNaN(process.env.SUDO_GID)) myGid = +process.env.SUDO_GID @@ -41,18 +34,6 @@ if (process.env.SUDO_UID && myUid === 0) { exports.pack = pack exports.unpack = unpack -module.exports.packToStream = packToStream -function packToStream (mani, dir) { - const stream = new PassThrough() - cacache.tmp.withTmp(npm.tmp, (tmp) => { - const tmpTarget = path.join(tmp, 'package.tgz') - return packAsync(tmpTarget, dir, mani).then(() => { - return pipe(fs.createReadStream(tmpTarget), stream) - }) - }).catch((err) => stream.emit('error', err)) - return stream -} - function pack (tarball, folder, pkg, cb) { log.verbose('tar pack', [tarball, folder]) diff --git a/deps/npm/man/man1/npm-cache.1 b/deps/npm/man/man1/npm-cache.1 index 2da4282950..cc8b1e2fae 100644 --- a/deps/npm/man/man1/npm-cache.1 +++ b/deps/npm/man/man1/npm-cache.1 @@ -10,10 +10,10 @@ npm cache add <folder> npm cache add <tarball url> npm cache add <name>@<version> -npm cache ls [<path>] - npm cache clean [<path>] aliases: npm cache clear, npm cache rm + +npm cache verify .fi .RE .SH DESCRIPTION @@ -26,40 +26,45 @@ Add the specified package to the local cache\. This command is primarily intended to be used internally by npm, but it can provide a way to add data to the local installation cache explicitly\. .IP \(bu 2 -ls: -Show the data in the cache\. Argument is a path to show in the cache -folder\. Works a bit like the \fBfind\fP program, but limited by the -\fBdepth\fP config\. -.IP \(bu 2 clean: -Delete data out of the cache folder\. If an argument is provided, then -it specifies a subpath to delete\. If no argument is provided, then -the entire cache is deleted\. +Delete all data out of the cache folder\. +.IP \(bu 2 +verify: +Verify the contents of the cache folder, garbage collecting any unneeded data, +and verifying the integrity of the cache index and all cached data\. .RE .SH DETAILS .P -npm stores cache data in the directory specified in \fBnpm config get cache\fP\|\. -For each package that is added to the cache, three pieces of information are -stored in \fB{cache}/{name}/{version}\fP: -.RS 0 -.IP \(bu 2 -\|\.\.\./package/package\.json: -The package\.json file, as npm sees it\. -.IP \(bu 2 -\|\.\.\./package\.tgz: -The tarball for that version\. - -.RE +npm stores cache data in an opaque directory within the configured \fBcache\fP, +named \fB_cacache\fP\|\. This directory is a \fBcacache\fP\-based content\-addressable cache +that stores all http request data as well as other package\-related data\. This +directory is primarily accessed through \fBpacote\fP, the library responsible for +all package fetching as of npm@5\. +.P +All data that passes through the cache is fully verified for integrity on both +insertion and extraction\. Cache corruption will either trigger an error, or +signal to \fBpacote\fP that the data must be refetched, which it will do +automatically\. For this reason, it should never be necessary to clear the cache +for any reason other than reclaiming disk space, thus why \fBclean\fP now requires +\fB\-\-force\fP to run\. +.P +There is currently no method exposed through npm to inspect or directly manage +the contents of this cache\. In order to access it, \fBcacache\fP must be used +directly\. .P -Additionally, whenever a registry request is made, a \fB\|\.cache\.json\fP file -is placed at the corresponding URI, to store the ETag and the requested -data\. This is stored in \fB{cache}/{hostname}/{path}/\.cache\.json\fP\|\. +npm will not remove data by itself: the cache will grow as new packages are +installed\. +.SH A NOTE ABOUT THE CACHE'S DESIGN .P -Commands that make non\-essential registry requests (such as \fBsearch\fP and -\fBview\fP, or the completion scripts) generally specify a minimum timeout\. -If the \fB\|\.cache\.json\fP file is younger than the specified timeout, then -they do not make an HTTP request to the registry\. +The npm cache is strictly a cache: it should not be relied upon as a persistent +and reliable data store for package data\. npm makes no guarantee that a +previously\-cached piece of data will be available later, and will automatically +delete corrupted contents\. The primary guarantee that the cache makes is that, +if it does return data, that data will be exactly the data that was inserted\. +.P +To run an offline verification of existing cache contents, use \fBnpm cache +verify\fP\|\. .SH CONFIGURATION .SS cache .P @@ -82,6 +87,10 @@ npm help install npm help publish .IP \(bu 2 npm help pack +.IP \(bu 2 +https://npm\.im/cacache +.IP \(bu 2 +https://npm\.im/pacote .RE diff --git a/deps/npm/man/man1/npm-install.1 b/deps/npm/man/man1/npm-install.1 index 2bacec4055..2dca6a4b8f 100644 --- a/deps/npm/man/man1/npm-install.1 +++ b/deps/npm/man/man1/npm-install.1 @@ -10,19 +10,22 @@ npm install [<@scope>/]<name> npm install [<@scope>/]<name>@<tag> npm install [<@scope>/]<name>@<version> npm install [<@scope>/]<name>@<version range> +npm install <git\-host>:<git\-user>/<repo\-name> +npm install <git repo url> npm install <tarball file> npm install <tarball url> npm install <folder> alias: npm i -common options: [\-S|\-\-save|\-D|\-\-save\-dev|\-O|\-\-save\-optional] [\-E|\-\-save\-exact] [\-B|\-\-save\-bundle] [\-\-dry\-run] +common options: [\-P|\-\-save\-prod|\-D|\-\-save\-dev|\-O|\-\-save\-optional] [\-E|\-\-save\-exact] [\-B|\-\-save\-bundle] [\-\-no\-save] [\-\-dry\-run] .fi .RE .SH DESCRIPTION .P This command installs a package, and any packages that it depends on\. If the -package has a shrinkwrap file, the installation of dependencies will be driven -by that\. See npm help shrinkwrap\. +package has a package\-lock or shrinkwrap file, the installation of dependencies +will be driven by that, with an \fBnpm\-shrinkwrap\.json\fP taking precedence if both +files exist\. See npm help 5 package\-lock\.json and npm help shrinkwrap\. .P A \fBpackage\fP is: .RS 0 @@ -61,12 +64,16 @@ after packing it up into a tarball (b)\. \fBdevDependencies\fP\|\. .IP \(bu 2 \fBnpm install <folder>\fP: - Install a package that is sitting in a folder on the filesystem\. + Install the package in the directory as a symlink in the current project\. + Its dependencies will be installed before it's linked\. If \fB<folder>\fP sits + inside the root of your project, its dependencies may be hoisted to the + toplevel \fBnode_modules\fP as they would for other types of dependencies\. .IP \(bu 2 \fBnpm install <tarball file>\fP: Install a package that is sitting on the filesystem\. Note: if you just want to link a dev directory into your npm root, you can do this more easily by - using \fBnpm link\fP\|\. + using \fBnpm link\fP\|\. The filename \fImust\fR use \fB\|\.tar\fP, \fB\|\.tar\.gz\fP, or \fB\|\.tgz\fP as + the extension\. Example: .P .RS 2 @@ -86,11 +93,11 @@ after packing it up into a tarball (b)\. .fi .RE .IP \(bu 2 -\fBnpm install [<@scope>/]<name> [\-S|\-\-save|\-D|\-\-save\-dev|\-O|\-\-save\-optional]\fP: +\fBnpm install [<@scope>/]<name>\fP: Do a \fB<name>@<tag>\fP install, where \fB<tag>\fP is the "tag" config\. (See npm help 7 \fBnpm\-config\fP\|\. The config's default value is \fBlatest\fP\|\.) - In most cases, this will install the latest version - of the module published on npm\. + In most cases, this will install the version of the modules tagged as + \fBlatest\fP on the npm registry\. Example: .P .RS 2 @@ -98,15 +105,24 @@ after packing it up into a tarball (b)\. npm install sax .fi .RE - \fBnpm install\fP takes 3 exclusive, optional flags which save or update - the package version in your main package\.json: + \fBnpm install\fP saves any specified packages into \fBdependencies\fP by default\. + Additionally, you can control where and how they get saved with some + additional flags: .RS 0 .IP \(bu 2 -\fB\-S, \-\-save\fP: Package will appear in your \fBdependencies\fP\|\. +\fB\-P, \-\-save\-prod\fP: Package will appear in your \fBdependencies\fP\|\. This is the +.P +.RS 2 +.nf + default unless `\-D` or `\-O` are present\. +.fi +.RE .IP \(bu 2 \fB\-D, \-\-save\-dev\fP: Package will appear in your \fBdevDependencies\fP\|\. .IP \(bu 2 \fB\-O, \-\-save\-optional\fP: Package will appear in your \fBoptionalDependencies\fP\|\. +.IP \(bu 2 +\fB\-\-no\-save\fP: Prevents saving to \fBdependencies\fP\|\. When using any of the above options to save dependencies to your package\.json, there are two additional, optional flags: .IP \(bu 2 @@ -115,8 +131,8 @@ exact version rather than using npm's default semver range operator\. .IP \(bu 2 \fB\-B, \-\-save\-bundle\fP: Saved dependencies will also be added to your \fBbundleDependencies\fP list\. -Further, if you have an \fBnpm\-shrinkwrap\.json\fP then it will be updated as -well\. +Further, if you have an \fBnpm\-shrinkwrap\.json\fP or \fBpackage\-lock\.json\fP then it +will be updated as well\. \fB<scope>\fP is optional\. The package will be downloaded from the registry associated with the specified scope\. If no registry is associated with the given scope the default registry is assumed\. See npm help 7 \fBnpm\-scope\fP\|\. @@ -127,13 +143,13 @@ Examples: .P .RS 2 .nf -npm install sax \-\-save +npm install sax npm install githubname/reponame npm install @myorg/privatepackage npm install node\-tap \-\-save\-dev npm install dtrace\-provider \-\-save\-optional -npm install readable\-stream \-\-save \-\-save\-exact -npm install ansi\-regex \-\-save \-\-save\-bundle +npm install readable\-stream \-\-save\-exact +npm install ansi\-regex \-\-save\-bundle .fi .RE @@ -190,21 +206,29 @@ fetch the package by name if it is not valid\. .RE .IP \(bu 2 \fBnpm install <git remote url>\fP: - Installs the package from the hosted git provider, cloning it with - \fBgit\fP\|\. First it tries via the https (git with github) and if that fails, via ssh\. + Installs the package from the hosted git provider, cloning it with \fBgit\fP\|\. + For a full git remote url, only that URL will be attempted\. .P .RS 2 .nf - <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit\-ish>] + <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit\-ish> | #semver:<semver>] .fi .RE - \fB<protocol>\fP is one of \fBgit\fP, \fBgit+ssh\fP, \fBgit+http\fP, \fBgit+https\fP, - or \fBgit+file\fP\|\. - If no \fB<commit\-ish>\fP is specified, then \fBmaster\fP is used\. - If the repository makes use of submodules, those submodules will - be cloned as well\. - The following git environment variables are recognized by npm and will be added - to the environment when running git: + \fB<protocol>\fP is one of \fBgit\fP, \fBgit+ssh\fP, \fBgit+http\fP, \fBgit+https\fP, or + \fBgit+file\fP\|\. + If \fB#<commit\-ish>\fP is provided, it will be used to clone exactly that + commit\. If the commit\-ish has the format \fB#semver:<semver>\fP, \fB<semver>\fP can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency\. If neither \fB#<commit\-ish>\fP or \fB#semver:<semver>\fP is + specified, then \fBmaster\fP is used\. + If the repository makes use of submodules, those submodules will be cloned + as well\. + If the package being installed contains a \fBprepare\fP script, its + \fBdependencies\fP and \fBdevDependencies\fP will be installed, and the prepare + script will be run, before the package is packaged and installed\. + The following git environment variables are recognized by npm and will be + added to the environment when running git: .RS 0 .IP \(bu 2 \fBGIT_ASKPASS\fP @@ -226,6 +250,7 @@ Examples: .RS 2 .nf npm install git+ssh://git@github\.com:npm/npm\.git#v1\.0\.27 +npm install git+ssh://git@github\.com:npm/npm#semver:^5\.0 npm install git+https://isaacs@github\.com/npm/npm\.git npm install git://github\.com/npm/npm\.git#v1\.0\.27 GIT_SSH_COMMAND='ssh \-i ~/\.ssh/custom_ident' npm install git+ssh://git@github\.com:npm/npm\.git @@ -239,7 +264,15 @@ GIT_SSH_COMMAND='ssh \-i ~/\.ssh/custom_ident' npm install git+ssh://git@github\ \fBnpm install github:<githubname>/<githubrepo>[#<commit\-ish>]\fP: Install the package at \fBhttps://github\.com/githubname/githubrepo\fP by attempting to clone it using \fBgit\fP\|\. - If you don't specify a \fIcommit\-ish\fR then \fBmaster\fP will be used\. + If \fB#<commit\-ish>\fP is provided, it will be used to clone exactly that + commit\. If the commit\-ish has the format \fB#semver:<semver>\fP, \fB<semver>\fP can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency\. If neither \fB#<commit\-ish>\fP or \fB#semver:<semver>\fP is + specified, then \fBmaster\fP is used\. + As with regular git dependencies, \fBdependencies\fP and \fBdevDependencies\fP will + be installed if the package has a \fBprepare\fP script, before the package is + done installing\. Examples: .P .RS 2 @@ -249,11 +282,13 @@ GIT_SSH_COMMAND='ssh \-i ~/\.ssh/custom_ident' npm install git+ssh://git@github\ .fi .RE .IP \(bu 2 -\fBnpm install gist:[<githubname>/]<gistID>[#<commit\-ish>]\fP: +\fBnpm install gist:[<githubname>/]<gistID>[#<commit\-ish>|#semver:<semver>]\fP: Install the package at \fBhttps://gist\.github\.com/gistID\fP by attempting to clone it using \fBgit\fP\|\. The GitHub username associated with the gist is - optional and will not be saved in \fBpackage\.json\fP if \fB\-S\fP or \fB\-\-save\fP is used\. - If you don't specify a \fIcommit\-ish\fR then \fBmaster\fP will be used\. + optional and will not be saved in \fBpackage\.json\fP\|\. + As with regular git dependencies, \fBdependencies\fP and \fBdevDependencies\fP will + be installed if the package has a \fBprepare\fP script, before the package is + done installing\. Example: .P .RS 2 @@ -265,7 +300,15 @@ GIT_SSH_COMMAND='ssh \-i ~/\.ssh/custom_ident' npm install git+ssh://git@github\ \fBnpm install bitbucket:<bitbucketname>/<bitbucketrepo>[#<commit\-ish>]\fP: Install the package at \fBhttps://bitbucket\.org/bitbucketname/bitbucketrepo\fP by attempting to clone it using \fBgit\fP\|\. - If you don't specify a \fIcommit\-ish\fR then \fBmaster\fP will be used\. + If \fB#<commit\-ish>\fP is provided, it will be used to clone exactly that + commit\. If the commit\-ish has the format \fB#semver:<semver>\fP, \fB<semver>\fP can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency\. If neither \fB#<commit\-ish>\fP or \fB#semver:<semver>\fP is + specified, then \fBmaster\fP is used\. + As with regular git dependencies, \fBdependencies\fP and \fBdevDependencies\fP will + be installed if the package has a \fBprepare\fP script, before the package is + done installing\. Example: .P .RS 2 @@ -277,12 +320,21 @@ GIT_SSH_COMMAND='ssh \-i ~/\.ssh/custom_ident' npm install git+ssh://git@github\ \fBnpm install gitlab:<gitlabname>/<gitlabrepo>[#<commit\-ish>]\fP: Install the package at \fBhttps://gitlab\.com/gitlabname/gitlabrepo\fP by attempting to clone it using \fBgit\fP\|\. - If you don't specify a \fIcommit\-ish\fR then \fBmaster\fP will be used\. + If \fB#<commit\-ish>\fP is provided, it will be used to clone exactly that + commit\. If the commit\-ish has the format \fB#semver:<semver>\fP, \fB<semver>\fP can + be any valid semver range or exact version, and npm will look for any tags + or refs matching that range in the remote repository, much as it would for a + registry dependency\. If neither \fB#<commit\-ish>\fP or \fB#semver:<semver>\fP is + specified, then \fBmaster\fP is used\. + As with regular git dependencies, \fBdependencies\fP and \fBdevDependencies\fP will + be installed if the package has a \fBprepare\fP script, before the package is + done installing\. Example: .P .RS 2 .nf npm install gitlab:mygitlabuser/myproject + npm install gitlab:myusr/myproj#semver:^5\.0 .fi .RE @@ -322,7 +374,7 @@ global \fBnode_modules\fP folder\. Only your direct dependencies will show in \fBnode_modules\fP and everything they depend on will be flattened in their \fBnode_modules\fP folders\. This obviously will eliminate some deduping\. .P -The \fB\-\-ignore\-scripts\fP argument will cause npm to not execute any +The \fB\-\-ignore\-scripts\fP argument will cause npm to not execute any scripts defined in the package\.json\. See npm help 7 \fBnpm\-scripts\fP\|\. .P The \fB\-\-legacy\-bundling\fP argument will cause npm to install the package such @@ -339,7 +391,7 @@ The \fB\-\-no\-optional\fP argument will prevent optional dependencies from being installed\. .P The \fB\-\-no\-shrinkwrap\fP argument, which will ignore an available -shrinkwrap file and use the package\.json instead\. +package lock or shrinkwrap file and use the package\.json instead\. .P The \fB\-\-nodedir=/path/to/node/source\fP argument will allow npm to find the node source code so that npm can compile native modules\. @@ -397,7 +449,9 @@ A .RE .P Because B's D@1 will be installed in the top level, C now has to install D@2 -privately for itself\. +privately for itself\. This algorithm is deterministic, but different trees may +be produced if two dependencies are requested for installation in a different +order\. .P See npm help 5 folders for a more detailed description of the specific folder structures that npm creates\. diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1 index c886db5dc4..31cbd387aa 100644 --- a/deps/npm/man/man1/npm-ls.1 +++ b/deps/npm/man/man1/npm-ls.1 @@ -22,7 +22,7 @@ For example, running \fBnpm ls promzard\fP in npm's source tree will show: .P .RS 2 .nf -npm@5.0.0-beta.56 /path/to/npm +npm@5.0.0 /path/to/npm └─┬ init\-package\-json@0\.0\.4 └── promzard@0\.1\.5 .fi diff --git a/deps/npm/man/man1/npm-publish.1 b/deps/npm/man/man1/npm-publish.1 index 603031a4e6..603c79da7f 100644 --- a/deps/npm/man/man1/npm-publish.1 +++ b/deps/npm/man/man1/npm-publish.1 @@ -53,6 +53,10 @@ Once a package is published with a given name and version, that specific name and version combination can never be used again, even if it is removed with npm help unpublish\. .P +As of \fBnpm@5\fP, both a sha1sum and an integrity field with a sha512sum of the +tarball will be submitted to the registry during publication\. Subsequent +installs will use the strongest supported algorithm to verify downloads\. +.P For a "dry run" that does everything except actually publishing to the registry, see npm help \fBnpm\-pack\fP, which figures out the files to be included and packs them into a tarball to be uploaded to the registry\. diff --git a/deps/npm/man/man1/npm-shrinkwrap.1 b/deps/npm/man/man1/npm-shrinkwrap.1 index e36981c421..08ce497d20 100644 --- a/deps/npm/man/man1/npm-shrinkwrap.1 +++ b/deps/npm/man/man1/npm-shrinkwrap.1 @@ -1,6 +1,6 @@ .TH "NPM\-SHRINKWRAP" "1" "May 2017" "" "" .SH "NAME" -\fBnpm-shrinkwrap\fR \- Lock down dependency versions +\fBnpm-shrinkwrap\fR \- Lock down dependency versions for publication .SH SYNOPSIS .P .RS 2 @@ -10,222 +10,11 @@ npm shrinkwrap .RE .SH DESCRIPTION .P -This command locks down the versions of a package's dependencies so -that you can control exactly which versions of each dependency will be -used when your package is installed\. The \fBpackage\.json\fP file is still -required if you want to use \fBnpm install\fP\|\. -.P -By default, \fBnpm install\fP recursively installs the target's -dependencies (as specified in \fBpackage\.json\fP), choosing the latest -available version that satisfies the dependency's semver pattern\. In -some situations, particularly when shipping software where each change -is tightly managed, it's desirable to fully specify each version of -each dependency recursively so that subsequent builds and deploys do -not inadvertently pick up newer versions of a dependency that satisfy -the semver pattern\. Specifying specific semver patterns in each -dependency's \fBpackage\.json\fP would facilitate this, but that's not always -possible or desirable, as when another author owns the npm package\. -It's also possible to check dependencies directly into source control, -but that may be undesirable for other reasons\. -.P -As an example, consider package A: -.P -.RS 2 -.nf -{ - "name": "A", - "version": "0\.1\.0", - "dependencies": { - "B": "<0\.1\.0" - } -} -.fi -.RE -.P -package B: -.P -.RS 2 -.nf -{ - "name": "B", - "version": "0\.0\.1", - "dependencies": { - "C": "<0\.1\.0" - } -} -.fi -.RE -.P -and package C: -.P -.RS 2 -.nf -{ - "name": "C", - "version": "0\.0\.1" -} -.fi -.RE -.P -If these are the only versions of A, B, and C available in the -registry, then a normal \fBnpm install A\fP will install: -.P -.RS 2 -.nf -A@0\.1\.0 -`\-\- B@0\.0\.1 - `\-\- C@0\.0\.1 -.fi -.RE -.P -However, if B@0\.0\.2 is published, then a fresh \fBnpm install A\fP will -install: -.P -.RS 2 -.nf -A@0\.1\.0 -`\-\- B@0\.0\.2 - `\-\- C@0\.0\.1 -.fi -.RE -.P -assuming the new version did not modify B's dependencies\. Of course, -the new version of B could include a new version of C and any number -of new dependencies\. If such changes are undesirable, the author of A -could specify a dependency on B@0\.0\.1\. However, if A's author and B's -author are not the same person, there's no way for A's author to say -that he or she does not want to pull in newly published versions of C -when B hasn't changed at all\. -.P -In this case, A's author can run -.P -.RS 2 -.nf -npm shrinkwrap -.fi -.RE -.P -This generates \fBnpm\-shrinkwrap\.json\fP, which will look something like this: -.P -.RS 2 -.nf -{ - "name": "A", - "version": "0\.1\.0", - "dependencies": { - "B": { - "version": "0\.0\.1", - "from": "B@^0\.0\.1", - "resolved": "https://registry\.npmjs\.org/B/\-/B\-0\.0\.1\.tgz", - "dependencies": { - "C": { - "version": "0\.0\.1", - "from": "org/C#v0\.0\.1", - "resolved": "git://github\.com/org/C\.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4" - } - } - } - } -} -.fi -.RE -.P -The shrinkwrap command has locked down the dependencies based on what's -currently installed in \fBnode_modules\fP\|\. The installation behavior is changed to: -.RS 0 -.IP 1. 3 -The module tree described by the shrinkwrap is reproduced\. This means -reproducing the structure described in the file, using the specific files -referenced in "resolved" if available, falling back to normal package -resolution using "version" if one isn't\. -.IP 2. 3 -The tree is walked and any missing dependencies are installed in the usual fashion\. - -.RE -.P -If \fBpreshrinkwrap\fP, \fBshrinkwrap\fP or \fBpostshrinkwrap\fP are in the \fBscripts\fP property of the -\fBpackage\.json\fP, they will be executed by running \fBnpm shrinkwrap\fP\|\. -\fBpreshrinkwrap\fP and \fBshrinkwrap\fP are executed before the shrinkwrap, \fBpostshrinkwrap\fP is -executed afterwards\. For example to run some postprocessing on the generated file: -.P -.RS 2 -.nf -"scripts": { "postshrinkwrap": "node fix\-shrinkwrap\.js" } -.fi -.RE -.SS Using shrinkwrapped packages -.P -Using a shrinkwrapped package is no different than using any other -package: you can \fBnpm install\fP it by hand, or add a dependency to your -\fBpackage\.json\fP file and \fBnpm install\fP it\. -.SS Building shrinkwrapped packages -.P -To shrinkwrap an existing package: -.RS 0 -.IP 1. 3 -Run \fBnpm install\fP in the package root to install the current -versions of all dependencies\. -.IP 2. 3 -Validate that the package works as expected with these versions\. -.IP 3. 3 -Run \fBnpm shrinkwrap\fP, add \fBnpm\-shrinkwrap\.json\fP to git, and publish -your package\. - -.RE -.P -To add or update a dependency in a shrinkwrapped package: -.RS 0 -.IP 1. 3 -Run \fBnpm install\fP in the package root to install the current -versions of all dependencies\. -.IP 2. 3 -Add or update dependencies\. \fBnpm install \-\-save\fP or \fBnpm install \-\-save\-dev\fP -each new or updated package individually to update the \fBpackage\.json\fP and -the shrinkwrap\. Note that they must be explicitly named in order to be -installed: running \fBnpm install\fP with no arguments will merely reproduce -the existing shrinkwrap\. -.IP 3. 3 -Validate that the package works as expected with the new -dependencies\. -.IP 4. 3 -Commit the new \fBnpm\-shrinkwrap\.json\fP, and publish your package\. - -.RE -.P -You can use npm help outdated to view dependencies with newer versions -available\. -.SS Other Notes -.P -A shrinkwrap file must be consistent with the package's \fBpackage\.json\fP -file\. \fBnpm shrinkwrap\fP will fail if required dependencies are not -already installed, since that would result in a shrinkwrap that -wouldn't actually work\. Similarly, the command will fail if there are -extraneous packages (not referenced by \fBpackage\.json\fP), since that would -indicate that \fBpackage\.json\fP is not correct\. -.P -Starting with npm v4\.0\.1, \fBdevDependencies\fP are included when you run -\fBnpm shrinkwrap\fP and follow the usual rules as to when they're installed\. -As of npm v3\.10\.8, if you run \fBnpm install \-\-only=production\fP or -\fBnpm install \-\-production\fP with a shrinkwrap including your development -dependencies they won't be installed\. Similarly, if the environment -variable \fBNODE_ENV\fP is \fBproduction\fP then they won't be installed\. If you -need compatibility with versions of npm prior to v3\.10\.8 or otherwise -don't want them in your shrinkwrap you can exclude development -dependencies with: -\fBnpm shrinkwrap \-\-only=prod\fP or \fBnpm shrinkwrap \-\-production\fP\|\. -.P -If shrinkwrapped package A depends on shrinkwrapped package B, B's -shrinkwrap will not be used as part of the installation of A\. However, -because A's shrinkwrap is constructed from a valid installation of B -and recursively specifies all dependencies, the contents of B's -shrinkwrap will implicitly be included in A's shrinkwrap\. -.SS Caveats -.P -If you wish to lock down the specific bytes included in a package, for -example to have 100% confidence in being able to reproduce a -deployment or build, then you ought to check your dependencies into -source control, or pursue some other mechanism that can verify -contents rather than versions\. +This command repurposes \fBpackage\-lock\.json\fP into a publishable +\fBnpm\-shrinkwrap\.json\fP or simply creates a new one\. The file created and updated +by this command will then take precedence over any other existing or future +\fBpackage\-lock\.json\fP files\. For a detailed explanation of the design and purpose +of package locks in npm, see npm help 5 package\-locks\. .SH SEE ALSO .RS 0 .IP \(bu 2 @@ -237,6 +26,12 @@ npm help 7 scripts .IP \(bu 2 npm help 5 package\.json .IP \(bu 2 +npm help 5 package\-locks +.IP \(bu 2 +npm help 5 package\-lock\.json +.IP \(bu 2 +npm help 5 shrinkwrap\.json +.IP \(bu 2 npm help ls .RE diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1 index f2d5d75d66..8ce03075f1 100644 --- a/deps/npm/man/man1/npm.1 +++ b/deps/npm/man/man1/npm.1 @@ -10,7 +10,7 @@ npm <command> [args] .RE .SH VERSION .P -5.0.0-beta.56 +5.0.0 .SH DESCRIPTION .P npm is the package manager for the Node JavaScript platform\. It puts diff --git a/deps/npm/man/man5/npm-package-locks.5 b/deps/npm/man/man5/npm-package-locks.5 new file mode 100644 index 0000000000..d751dc5566 --- /dev/null +++ b/deps/npm/man/man5/npm-package-locks.5 @@ -0,0 +1,183 @@ +.TH "NPM\-PACKAGE\-LOCKS" "5" "May 2017" "" "" +.SH "NAME" +\fBnpm-package-locks\fR \- An explanation of npm lockfiles +.SH DESCRIPTION +.P +Conceptually, the "input" to npm help install is a npm help 5 package\.json, while its +"output" is a fully\-formed \fBnode_modules\fP tree: a representation of the +dependencies you declared\. In an ideal world, npm would work like a pure +function: the same \fBpackage\.json\fP should produce the exact same \fBnode_modules\fP +tree, any time\. In some cases, this is indeed true\. But in many others, npm is +unable to do this\. There are multiple reasons for this: +.RS 0 +.IP \(bu 2 +different versions of npm (or other package managers) may have been used to install a package, each using slightly different installation algorithms\. +.IP \(bu 2 +a new version of a direct semver\-range package may have been published since the last time your packages were installed, and thus a newer version will be used\. +.IP \(bu 2 +A dependency of one of your dependencies may have published a new version, which will update even if you used pinned dependency specifiers (\fB1\.2\.3\fP instead of \fB^1\.2\.3\fP) +.IP \(bu 2 +The registry you installed from is no longer available, or allows mutation of versions (unlike the primary npm registry), and a different version of a package exists under the same version number now\. + +.RE +.P +As an example, consider package A: +.P +.RS 2 +.nf +{ + "name": "A", + "version": "0\.1\.0", + "dependencies": { + "B": "<0\.1\.0" + } +} +.fi +.RE +.P +package B: +.P +.RS 2 +.nf +{ + "name": "B", + "version": "0\.0\.1", + "dependencies": { + "C": "<0\.1\.0" + } +} +.fi +.RE +.P +and package C: +.P +.RS 2 +.nf +{ + "name": "C", + "version": "0\.0\.1" +} +.fi +.RE +.P +If these are the only versions of A, B, and C available in the +registry, then a normal \fBnpm install A\fP will install: +.P +.RS 2 +.nf +A@0\.1\.0 +`\-\- B@0\.0\.1 + `\-\- C@0\.0\.1 +.fi +.RE +.P +However, if B@0\.0\.2 is published, then a fresh \fBnpm install A\fP will +install: +.P +.RS 2 +.nf +A@0\.1\.0 +`\-\- B@0\.0\.2 + `\-\- C@0\.0\.1 +.fi +.RE +.P +assuming the new version did not modify B's dependencies\. Of course, +the new version of B could include a new version of C and any number +of new dependencies\. If such changes are undesirable, the author of A +could specify a dependency on B@0\.0\.1\. However, if A's author and B's +author are not the same person, there's no way for A's author to say +that he or she does not want to pull in newly published versions of C +when B hasn't changed at all\. +.P +To prevent this potential issue, npm uses npm help 5 package\-lock\.json or, if present, +npm help 5 shrinkwrap\.json\. These files are called package locks, or lockfiles\. +.P +Whenever you run \fBnpm install\fP, npm generates or updates your package lock, +which will look something like this: +.P +.RS 2 +.nf +{ + "name": "A", + "version": "0\.1\.0", + \.\.\.metadata fields\.\.\. + "dependencies": { + "B": { + "version": "0\.0\.1", + "resolved": "https://registry\.npmjs\.org/B/\-/B\-0\.0\.1\.tgz", + "integrity": "sha512\-DeAdb33F+" + "dependencies": { + "C": { + "version": "git://github\.com/org/C\.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4" + } + } + } + } +} +.fi +.RE +.P +This file describes an \fIexact\fR, and more importantly \fIreproducible\fR +\fBnode_modules\fP tree\. Once it's present, and future installation will base its +work off this file, instead of recalculating dependency versions off +npm help 5 package\.json\. +.P +The presence of a package lock changes the installation behavior such that: +.RS 0 +.IP 1. 3 +The module tree described by the package lock is reproduced\. This means +reproducing the structure described in the file, using the specific files +referenced in "resolved" if available, falling back to normal package resolution +using "version" if one isn't\. +.IP 2. 3 +The tree is walked and any missing dependencies are installed in the usual +fashion\. + +.RE +.P +If \fBpreshrinkwrap\fP, \fBshrinkwrap\fP or \fBpostshrinkwrap\fP are in the \fBscripts\fP +property of the \fBpackage\.json\fP, they will be executed in order\. \fBpreshrinkwrap\fP +and \fBshrinkwrap\fP are executed before the shrinkwrap, \fBpostshrinkwrap\fP is +executed afterwards\. These scripts run for both \fBpackage\-lock\.json\fP and +\fBnpm\-shrinkwrap\.json\fP\|\. For example to run some postprocessing on the generated +file: +.P +.RS 2 +.nf +"scripts": { + "postshrinkwrap": "json \-I \-e \\"this\.myMetadata = $MY_APP_METADATA\\"" +} +.fi +.RE +.SS Using locked packages +.P +Using a locked package is no different than using any package without a package +lock: any commands that update \fBnode_modules\fP and/or \fBpackage\.json\fP\|'s +dependencies will automatically sync the existing lockfile\. This includes \fBnpm +install\fP, \fBnpm rm\fP, \fBnpm update\fP, etc\. To prevent this update from happening, +you can use the \fB\-\-no\-save\fP option to prevent saving altogether, or +\fB\-\-no\-shrinkwrap\fP to allow \fBpackage\.json\fP to be updated while leaving +\fBpackage\-lock\.json\fP or \fBnpm\-shrinkwrap\.json\fP intact\. +.P +It is highly recommended you commit the generated package lock to source +control: this will allow anyone else on your team, your deployments, your +CI/continuous integration, and anyone else who runs \fBnpm install\fP in your +package source to get the exact same dependency tree that you were developing +on\. Additionally, the diffs from these changes are human\-readable and will +inform you of any changes npm has made to your \fBnode_modules\fP, so you can notice +if any transitive dependencies were updated, hoisted, etc\. +.SH SEE ALSO +.RS 0 +.IP \(bu 2 +https://medium\.com/@sdboyer/so\-you\-want\-to\-write\-a\-package\-manager\-4ae9c17d9527 +.IP \(bu 2 +npm help 5 package\.json +.IP \(bu 2 +npm help 5 package\-lock\.json +.IP \(bu 2 +npm help 5 shrinkwrap\.json +.IP \(bu 2 +npm help shrinkwrap + +.RE diff --git a/deps/npm/man/man5/npm-shrinkwrap.json.5 b/deps/npm/man/man5/npm-shrinkwrap.json.5 new file mode 100644 index 0000000000..deb06a7244 --- /dev/null +++ b/deps/npm/man/man5/npm-shrinkwrap.json.5 @@ -0,0 +1,32 @@ +.TH "NPM\-SHRINKWRAP\.JSON" "5" "May 2017" "" "" +.SH "NAME" +\fBnpm-shrinkwrap.json\fR \- A publishable lockfile +.SH DESCRIPTION +.P +\fBnpm\-shrinkwrap\.json\fP is a file created by npm help shrinkwrap\. It is identical to +\fBpackage\-lock\.json\fP, with one major caveat: Unlike \fBpackage\-lock\.json\fP, +\fBnpm\-shrinwkrap\.json\fP may be included when publishing a package\. +.P +The recommended use\-case for \fBnpm\-shrinkwrap\.json\fP is applications deployed +through the publishing process on the registry: for example, daemons and +command\-line tools intended as global installs or \fBdevDependencies\fP\|\. It's +strongly discouraged for library authors to publish this file, since that would +prevent end users from having control over transitive dependency updates\. +.P +Additionally, if both \fBpackage\-lock\.json\fP and \fBnpm\-shrinwkrap\.json\fP are present +in a package root, \fBpackage\-lock\.json\fP will be ignored in favor of this file\. +.P +For full details and description of the \fBnpm\-shrinkwrap\.json\fP file format, refer +to the manual page for npm help 5 package\-lock\.json\. +.SH SEE ALSO +.RS 0 +.IP \(bu 2 +npm help shrinkwrap +.IP \(bu 2 +npm help 5 package\-lock\.json +.IP \(bu 2 +npm help 5 package\.json +.IP \(bu 2 +npm help install + +.RE diff --git a/deps/npm/man/man5/package-lock.json.5 b/deps/npm/man/man5/package-lock.json.5 new file mode 100644 index 0000000000..fb86d4d0c5 --- /dev/null +++ b/deps/npm/man/man5/package-lock.json.5 @@ -0,0 +1,144 @@ +.TH "PACKAGE\-LOCK\.JSON" "5" "May 2017" "" "" +.SH "NAME" +\fBpackage-lock.json\fR \- A manifestation of the manifest +.SH DESCRIPTION +.P +\fBpackage\-lock\.json\fP is automatically generated for any operations where npm +modifies either the \fBnode_modules\fP tree, or \fBpackage\.json\fP\|\. It describes the +exact tree that was generated, such that subsequent installs are able to +generate identical trees, regardless of intermediate dependency updates\. +.P +This file is intended to be committed into source repositories, and serves +various purposes: +.RS 0 +.IP \(bu 2 +Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies\. +.IP \(bu 2 +Provide a facility for users to "time\-travel" to previous states of \fBnode_modules\fP without having to commit the directory itself\. +.IP \(bu 2 +To facilitate greater visibility of tree changes through readable source control diffs\. +.IP \(bu 2 +And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously\-installed packages\. + +.RE +.P +One key detail about \fBpackage\-lock\.json\fP is that it cannot be published, and it +will be ignored if found in any place other than the toplevel package\. It shares +a format with npm help 5 shrinkwrap\.json, which is essentially the same file, but +allows publication\. This is not recommended unless deploying a CLI tool or +otherwise using the publication process for producing production packages\. +.P +If both \fBpackage\-lock\.json\fP and \fBnpm\-shrinkwrap\.json\fP are present in the root of +a package, \fBpackage\-lock\.json\fP will be completely ignored\. +.SH FILE FORMAT +.SS name +.P +The name of the package this is a package\-lock for\. This must match what's in +\fBpackage\.json\fP\|\. +.SS version +.P +The version of the package this is a package\-lock for\. This must match what's in +\fBpackage\.json\fP\|\. +.SS lockfileVersion +.P +An integer version, starting at \fB1\fP with the version number of this document +whose semantics were used when generating this \fBpackage\-lock\.json\fP\|\. +.SS packageIntegrity +.P +This is a subresource +integrity \fIhttps://w3c\.github\.io/webappsec/specs/subresourceintegrity/\fR value +created from the \fBpacakge\.json\fP\|\. No preprocessing of the \fBpackage\.json\fP should +be done\. Subresource integrity strings can be produced by modules like +\fBssri\fP \fIhttps://www\.npmjs\.com/package/ssri\fR\|\. +.SS preserveSymlinks +.P +Indicates that the install was done with the environment variable +\fBNODE_PRESERVE_SYMLINKS\fP enabled\. The installer should insist that the value of +this property match that environment variable\. +.SS dependencies +.P +A mapping of package name to dependency object\. Dependency objects have the +following properties: +.SS version +.P +This is a specifier that uniquely identifies this package and should be +usable in fetching a new copy of it\. +.RS 0 +.IP \(bu 2 +bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes\. +.IP \(bu 2 +registry sources: This is a version number\. (eg, \fB1\.2\.3\fP) +.IP \(bu 2 +git sources: This is a git specifier with resolved committish\. (eg, \fBgit+https://example\.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e\fP) +.IP \(bu 2 +http tarball sources: This is the URL of the tarball\. (eg, \fBhttps://example\.com/example\-1\.3\.0\.tgz\fP) +.IP \(bu 2 +local tarball sources: This is the file URL of the tarball\. (eg \fBfile:///opt/storage/example\-1\.3\.0\.tgz\fP) +.IP \(bu 2 +local link sources: This is the file URL of the link\. (eg \fBfile:libs/our\-module\fP) + +.RE +.SS integrity +.P +This is a Standard Subresource +Integrity \fIhttps://w3c\.github\.io/webappsec/specs/subresourceintegrity/\fR for this +resource\. +.RS 0 +.IP \(bu 2 +For bundled dependencies this is not included, regardless of source\. +.IP \(bu 2 +For registry sources, this is the \fBintegrity\fP that the registry provided, or if one wasn't provided the SHA1 in \fBshasum\fP\|\. +.IP \(bu 2 +For git sources this is the specific commit hash we cloned from\. +.IP \(bu 2 +For remote tarball sources this is an integrity based on a SHA512 of +the file\. +.IP \(bu 2 +For local tarball sources: This is an integrity field based on the SHA512 of the file\. + +.RE +.SS resolved +.RS 0 +.IP \(bu 2 +For bundled dependencies this is not included, regardless of source\. +.IP \(bu 2 +For registry sources this is path of the tarball relative to the registry +URL\. If the tarball URL isn't on the same server as the registry URL then +this is a complete URL\. + +.RE +.SS bundled +.P +If true, this is the bundled dependency and will be installed by the parent +module\. When installing, this module will be extracted from the parent +module during the extract phase, not installed as a separate dependency\. +.SS dev +.P +If true then this dependency is either a development dependency ONLY of the +top level module or a transitive dependency of one\. This is false for +dependencies that are both a development dependency of the top level and a +transitive dependency of a non\-development dependency of the top level\. +.SS optional +.P +If true then this dependency is either an optional dependency ONLY of the +top level module or a transitive dependency of one\. This is false for +dependencies that are both an optional dependency of the top level and a +transitive dependency of a non\-optional dependency of the top level\. +.P +All optional dependencies should be included even if they're uninstallable +on the current platform\. +.SS dependencies +.P +The dependencies of this dependency, exactly as at the top level\. +.SH SEE ALSO +.RS 0 +.IP \(bu 2 +npm help shrinkwrap +.IP \(bu 2 +npm help 5 package\-lock\.json +.IP \(bu 2 +npm help 5 package\.json +.IP \(bu 2 +npm help install + +.RE diff --git a/deps/npm/man/man7/npm-config.7 b/deps/npm/man/man7/npm-config.7 index 30a42afec6..67e8880659 100644 --- a/deps/npm/man/man7/npm-config.7 +++ b/deps/npm/man/man7/npm-config.7 @@ -81,6 +81,8 @@ The following shorthands are parsed on the command\-line: .IP \(bu 2 \fB\-S\fP: \fB\-\-save\fP .IP \(bu 2 +\fB\-P\fP: \fB\-\-save\-prod\fP +.IP \(bu 2 \fB\-D\fP: \fB\-\-save\-dev\fP .IP \(bu 2 \fB\-O\fP: \fB\-\-save\-optional\fP @@ -943,6 +945,19 @@ Type: Boolean Attempt to install packages in the \fBoptionalDependencies\fP object\. Note that if these packages fail to install, the overall installation process is not aborted\. +.SS package\-lock +.RS 0 +.IP \(bu 2 +Default: true +.IP \(bu 2 +Type: Boolean + +.RE +.P +If set to false, then ignore \fBpackage\-lock\.json\fP files when installing\. This +will also prevent \fIwriting\fR \fBpackage\-lock\.json\fP if \fBsave\fP is true\. +.P +This option is an alias for \fB\-\-shrinkwrap\fP\|\. .SS parseable .RS 0 .IP \(bu 2 @@ -1107,6 +1122,20 @@ If a package would be saved at install time by the use of \fB\-\-save\fP, .P When used with the \fBnpm rm\fP command, it removes it from the bundledDependencies list\. +.SS save\-prod +.RS 0 +.IP \(bu 2 +Default: false +.IP \(bu 2 +Type: Boolean + +.RE +.P +Makes sure that a package will be saved into \fBdependencies\fP specifically\. This +is useful if a package already exists in \fBdevDependencies\fP or +\fBoptionalDependencies\fP, but you want to move it to be a production dep\. This is +also the default behavior if \fB\-\-save\fP is true, and neither \fB\-\-save\-dev\fP or +\fB\-\-save\-optional\fP are true\. .SS save\-dev .RS 0 .IP \(bu 2 @@ -1278,8 +1307,10 @@ Type: Boolean .RE .P -If set to false, then ignore \fBnpm\-shrinkwrap\.json\fP files when -installing\. +If set to false, then ignore \fBnpm\-shrinkwrap\.json\fP files when installing\. This +will also prevent \fIwriting\fR \fBnpm\-shrinkwrap\.json\fP if \fBsave\fP is true\. +.P +This option is an alias for \fB\-\-package\-lock\fP\|\. .SS sign\-git\-tag .RS 0 .IP \(bu 2 diff --git a/deps/npm/man/man7/npm-index.7 b/deps/npm/man/man7/npm-index.7 index 2ed9981eb3..8ec9c15976 100644 --- a/deps/npm/man/man7/npm-index.7 +++ b/deps/npm/man/man7/npm-index.7 @@ -123,7 +123,7 @@ Run arbitrary package scripts Search for packages .SS npm help shrinkwrap .P -Lock down dependency versions +Lock down dependency versions for publication .SS npm help star .P Mark your favorite packages @@ -169,9 +169,18 @@ File system structures npm uses .SS npm help 5 folders .P Folder Structures Used by npm +.SS npm help 5 package\-locks +.P +An explanation of npm lockfiles +.SS npm help 5 shrinkwrap\.json +.P +A publishable lockfile .SS npm help 5 npmrc .P The npm config files +.SS npm help 5 package\-lock\.json +.P +A manifestation of the manifest .SS npm help 5 package\.json .P Specifics of npm's package\.json handling diff --git a/deps/npm/man/man7/npm-scripts.7 b/deps/npm/man/man7/npm-scripts.7 index 666953c5ce..f57a4c221f 100644 --- a/deps/npm/man/man7/npm-scripts.7 +++ b/deps/npm/man/man7/npm-scripts.7 @@ -8,16 +8,24 @@ following scripts: .RS 0 .IP \(bu 2 prepublish: -Run BEFORE the package is published\. (Also run on local \fBnpm -install\fP without any arguments\. See below\.) +Run BEFORE the package is packed and published, as well as on local \fBnpm +install\fP without any arguments\. (See below) .IP \(bu 2 prepare: -Run both BEFORE the package is published, and on local \fBnpm -install\fP without any arguments\. (See below\.) This is run +Run both BEFORE the package is packed and published, and on local \fBnpm +install\fP without any arguments (See below)\. This is run AFTER \fBprepublish\fP, but BEFORE \fBprepublishOnly\fP\|\. .IP \(bu 2 prepublishOnly: -Run BEFORE the package is published\. (See below\.) +Run BEFORE the package is prepared and packed, ONLY on \fBnpm publish\fP\|\. (See +below\.) +.IP \(bu 2 +prepack: +run BEFORE a tarball is packed (on \fBnpm pack\fP, \fBnpm publish\fP, and when +installing git dependencies) +.IP \(bu 2 +postpack: +Run AFTER the tarball has been generated and moved to its final destination\. .IP \(bu 2 publish, postpublish: Run AFTER the package is published\. diff --git a/deps/npm/node_modules/cacache/CHANGELOG.md b/deps/npm/node_modules/cacache/CHANGELOG.md index 3eeb55dbbb..8235212ade 100644 --- a/deps/npm/node_modules/cacache/CHANGELOG.md +++ b/deps/npm/node_modules/cacache/CHANGELOG.md @@ -2,6 +2,76 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +<a name="9.2.5"></a> +## [9.2.5](https://github.com/zkat/cacache/compare/v9.2.4...v9.2.5) (2017-05-25) + + +### Bug Fixes + +* **deps:** fix lockfile issues and bump ssri ([84e1d7e](https://github.com/zkat/cacache/commit/84e1d7e)) + + + +<a name="9.2.4"></a> +## [9.2.4](https://github.com/zkat/cacache/compare/v9.2.3...v9.2.4) (2017-05-24) + + +### Bug Fixes + +* **deps:** bumping deps ([bbccb12](https://github.com/zkat/cacache/commit/bbccb12)) + + + +<a name="9.2.3"></a> +## [9.2.3](https://github.com/zkat/cacache/compare/v9.2.2...v9.2.3) (2017-05-24) + + +### Bug Fixes + +* **rm:** stop crashing if content is missing on rm ([ac90bc0](https://github.com/zkat/cacache/commit/ac90bc0)) + + + +<a name="9.2.2"></a> +## [9.2.2](https://github.com/zkat/cacache/compare/v9.2.1...v9.2.2) (2017-05-14) + + +### Bug Fixes + +* **i18n:** lets pretend this didn't happen ([519b4ee](https://github.com/zkat/cacache/commit/519b4ee)) + + + +<a name="9.2.1"></a> +## [9.2.1](https://github.com/zkat/cacache/compare/v9.2.0...v9.2.1) (2017-05-14) + + +### Bug Fixes + +* **docs:** fixing translation messup ([bb9e4f9](https://github.com/zkat/cacache/commit/bb9e4f9)) + + + +<a name="9.2.0"></a> +# [9.2.0](https://github.com/zkat/cacache/compare/v9.1.0...v9.2.0) (2017-05-14) + + +### Features + +* **i18n:** add Spanish translation for API ([531f9a4](https://github.com/zkat/cacache/commit/531f9a4)) + + + +<a name="9.1.0"></a> +# [9.1.0](https://github.com/zkat/cacache/compare/v9.0.0...v9.1.0) (2017-05-14) + + +### Features + +* **i18n:** Add Spanish translation and i18n setup (#91) ([323b90c](https://github.com/zkat/cacache/commit/323b90c)) + + + <a name="9.0.0"></a> # [9.0.0](https://github.com/zkat/cacache/compare/v8.0.0...v9.0.0) (2017-04-28) diff --git a/deps/npm/node_modules/cacache/README.md b/deps/npm/node_modules/cacache/README.md index bb8f79e988..ea69b8f540 100644 --- a/deps/npm/node_modules/cacache/README.md +++ b/deps/npm/node_modules/cacache/README.md @@ -8,6 +8,8 @@ get corrupted or manipulated. It was originally written to be used as [npm](https://npm.im)'s local cache, but can just as easily be used on its own +_Translations: [español](README.es.md)_ + ## Install `$ npm install --save cacache` @@ -18,6 +20,7 @@ can just as easily be used on its own * [Features](#features) * [Contributing](#contributing) * [API](#api) + * [Using localized APIs](#localized-api) * Reading * [`ls`](#ls) * [`ls.stream`](#ls-stream) @@ -33,6 +36,7 @@ can just as easily be used on its own * [`rm.entry`](#rm-entry) * [`rm.content`](#rm-content) * Utilities + * [`setLocale`](#set-locale) * [`clearMemoized`](#clear-memoized) * [`tmp.mkdir`](#tmp-mkdir) * [`tmp.withTmp`](#with-tmp) @@ -44,7 +48,7 @@ can just as easily be used on its own ### Example ```javascript -const cacache = require('cacache') +const cacache = require('cacache/en') const fs = require('fs') const tarball = '/path/to/mytar.tgz' @@ -105,7 +109,22 @@ Happy hacking! ### API -#### <a name="ls"></a> `> cacache.ls(cache) -> Promise` +#### <a name="localized-api"></a> Using localized APIs + +cacache includes a complete API in English, with the same features as other +translations. To use the English API as documented in this README, use +`require('cacache/en')`. This is also currently the default if you do +`require('cacache')`, but may change in the future. + +cacache also supports other languages! You can find the list of currently +supported ones my looking in `./locales` in the source directory. You can use +the API in that language with `require('cacache/<lang>')`. + +Want to add support for a new language? Please go ahead! You should be able to +copy `./locales/en.js` and `./locales/en.json` and fill them in. Translating the +`README.md` is a bit more work, but also appreciated if you get around to it. 👍🏼 + +#### <a name="ls"></a> `> cacache.ls(cache) -> Promise<Object>` Lists info for all entries currently in the cache as a single large object. Each entry in the object will be keyed by the unique index key, with corresponding @@ -301,14 +320,6 @@ Looks up a [Subresource Integrity hash](#integrity) in the cache. If content exists for this `integrity`, it will return an object, with the specific single integrity hash that was found in `sri` key, and the size of the found content as `size`. If no content exists for this integrity, it will return `false`. -##### Fields - -* `source` - The [Subresource Integrity hash](#integrity) that was provided as an -argument and subsequently found in the cache. -* `algorithm` - The algorithm used in the hash. -* `digest` - The digest portion of the hash. -* `options` - ##### Example ```javascript @@ -422,9 +433,8 @@ If `opts.memoize` is an object or a `Map`-like (that is, an object with `get` and `set` methods), it will be written to instead of the global memoization cache. -Reading from existing memoized data can be forced by explicitly passing -`memoize: false` to the reader functions, but their default will be to read from -memory. +Reading from disk data can be forced by explicitly passing `memoize: false` to +the reader functions, but their default will be to read from memory. #### <a name="rm-all"></a> `> cacache.rm.all(cache) -> Promise` @@ -471,6 +481,14 @@ cacache.rm.content(cachePath, 'sha512-SoMeDIGest/IN+BaSE64==').then(() => { }) ``` +#### <a name="set-locale"></a> `> cacache.setLocale(locale)` + +Configure the language/locale used for messages and errors coming from cacache. +The list of available locales is in the `./locales` directory in the project +root. + +_Interested in contributing more languages! [Submit a PR](CONTRIBUTING.md)!_ + #### <a name="clear-memoized"></a> `> cacache.clearMemoized()` Completely resets the in-memory entry cache. diff --git a/deps/npm/node_modules/cacache/en.js b/deps/npm/node_modules/cacache/en.js new file mode 100644 index 0000000000..a3db581c9f --- /dev/null +++ b/deps/npm/node_modules/cacache/en.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./locales/en.js') diff --git a/deps/npm/node_modules/cacache/es.js b/deps/npm/node_modules/cacache/es.js new file mode 100644 index 0000000000..6282363c3b --- /dev/null +++ b/deps/npm/node_modules/cacache/es.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./locales/es.js') diff --git a/deps/npm/node_modules/cacache/index.js b/deps/npm/node_modules/cacache/index.js index c9b19c20f7..a3db581c9f 100644 --- a/deps/npm/node_modules/cacache/index.js +++ b/deps/npm/node_modules/cacache/index.js @@ -1,11 +1,3 @@ 'use strict' -module.exports = { - ls: require('./ls'), - get: require('./get'), - put: require('./put'), - rm: require('./rm'), - verify: require('./verify'), - clearMemoized: require('./lib/memoization').clearMemoized, - tmp: require('./lib/util/tmp') -} +module.exports = require('./locales/en.js') diff --git a/deps/npm/node_modules/cacache/lib/content/read.js b/deps/npm/node_modules/cacache/lib/content/read.js index 0ba19ac6e9..14ca7d905d 100644 --- a/deps/npm/node_modules/cacache/lib/content/read.js +++ b/deps/npm/node_modules/cacache/lib/content/read.js @@ -7,6 +7,7 @@ const fs = require('graceful-fs') const PassThrough = require('stream').PassThrough const pipe = BB.promisify(require('mississippi').pipe) const ssri = require('ssri') +const Y = require('../util/y.js') BB.promisifyAll(fs) @@ -86,7 +87,7 @@ function pickContentSri (cache, integrity) { } function sizeError (expected, found) { - var err = new Error('stream data size mismatch') + var err = new Error(Y`Bad data size: expected inserted data to be ${expected} bytes, but got ${found} instead`) err.expected = expected err.found = found err.code = 'EBADSIZE' @@ -94,7 +95,7 @@ function sizeError (expected, found) { } function integrityError (sri, path) { - var err = new Error(`Integrity verification failed for ${sri} (${path})`) + var err = new Error(Y`Integrity verification failed for ${sri} (${path})`) err.code = 'EINTEGRITY' err.sri = sri err.path = path diff --git a/deps/npm/node_modules/cacache/lib/content/rm.js b/deps/npm/node_modules/cacache/lib/content/rm.js index a8903dc0e3..12cf158235 100644 --- a/deps/npm/node_modules/cacache/lib/content/rm.js +++ b/deps/npm/node_modules/cacache/lib/content/rm.js @@ -9,9 +9,13 @@ const rimraf = BB.promisify(require('rimraf')) module.exports = rm function rm (cache, integrity) { return hasContent(cache, integrity).then(content => { - const sri = content.sri - if (sri) { - return rimraf(contentPath(cache, sri)) + if (content) { + const sri = content.sri + if (sri) { + return rimraf(contentPath(cache, sri)).then(() => true) + } + } else { + return false } }) } diff --git a/deps/npm/node_modules/cacache/lib/content/write.js b/deps/npm/node_modules/cacache/lib/content/write.js index 479d3e7f80..a79ae92902 100644 --- a/deps/npm/node_modules/cacache/lib/content/write.js +++ b/deps/npm/node_modules/cacache/lib/content/write.js @@ -13,6 +13,7 @@ const rimraf = BB.promisify(require('rimraf')) const ssri = require('ssri') const to = require('mississippi').to const uniqueFilename = require('unique-filename') +const Y = require('../util/y.js') const writeFileAsync = BB.promisify(fs.writeFile) @@ -21,7 +22,7 @@ function write (cache, data, opts) { opts = opts || {} if (opts.algorithms && opts.algorithms.length > 1) { throw new Error( - 'opts.algorithms only supports a single algorithm for now' + Y`opts.algorithms only supports a single algorithm for now` ) } if (typeof opts.size === 'number' && data.length !== opts.size) { @@ -58,7 +59,7 @@ function writeStream (cache, opts) { }, cb => { inputStream.end(() => { if (!allDone) { - const e = new Error('Input stream was empty') + const e = new Error(Y`Cache input stream was empty`) e.code = 'ENODATA' return ret.emit('error', e) } @@ -143,7 +144,7 @@ function moveToDestination (tmp, cache, sri, opts, errCheck) { } function sizeError (expected, found) { - var err = new Error('stream data size mismatch') + var err = new Error(Y`Bad data size: expected inserted data to be ${expected} bytes, but got ${found} instead`) err.expected = expected err.found = found err.code = 'EBADSIZE' @@ -151,7 +152,9 @@ function sizeError (expected, found) { } function checksumError (expected, found) { - var err = new Error('checksum failed') + var err = new Error(Y`Integrity check failed: + Wanted: ${expected} + Found: ${found}`) err.code = 'EINTEGRITY' err.expected = expected err.found = found diff --git a/deps/npm/node_modules/cacache/lib/entry-index.js b/deps/npm/node_modules/cacache/lib/entry-index.js index d95d0452a2..face0fe79c 100644 --- a/deps/npm/node_modules/cacache/lib/entry-index.js +++ b/deps/npm/node_modules/cacache/lib/entry-index.js @@ -10,6 +10,7 @@ const hashToSegments = require('./util/hash-to-segments') const ms = require('mississippi') const path = require('path') const ssri = require('ssri') +const Y = require('./util/y.js') const indexV = require('../package.json')['cache-version'].index @@ -21,7 +22,7 @@ const from = ms.from module.exports.NotFoundError = class NotFoundError extends Error { constructor (cache, key) { - super('content not found') + super(Y`No cache entry for \`${key}\` found in \`${cache}\``) this.code = 'ENOENT' this.cache = cache this.key = key @@ -214,7 +215,9 @@ function formatEntry (cache, entry) { } function readdirOrEmpty (dir) { - return readdirAsync(dir).catch({code: 'ENOENT'}, () => []) + return readdirAsync(dir) + .catch({code: 'ENOENT'}, () => []) + .catch({code: 'ENOTDIR'}, () => []) } function nop () { diff --git a/deps/npm/node_modules/cacache/lib/util/y.js b/deps/npm/node_modules/cacache/lib/util/y.js new file mode 100644 index 0000000000..d62bedacb3 --- /dev/null +++ b/deps/npm/node_modules/cacache/lib/util/y.js @@ -0,0 +1,25 @@ +'use strict' + +const path = require('path') +const y18n = require('y18n')({ + directory: path.join(__dirname, '../../locales'), + locale: 'en', + updateFiles: process.env.CACACHE_UPDATE_LOCALE_FILES === 'true' +}) + +module.exports = yTag +function yTag (parts) { + let str = '' + parts.forEach((part, i) => { + const arg = arguments[i + 1] + str += part + if (arg) { + str += '%s' + } + }) + return y18n.__.apply(null, [str].concat([].slice.call(arguments, 1))) +} + +module.exports.setLocale = locale => { + y18n.setLocale(locale) +} diff --git a/deps/npm/node_modules/cacache/locales/en.js b/deps/npm/node_modules/cacache/locales/en.js new file mode 100644 index 0000000000..22382c96b3 --- /dev/null +++ b/deps/npm/node_modules/cacache/locales/en.js @@ -0,0 +1,42 @@ +'use strict' + +const ls = require('../ls.js') +const get = require('../get.js') +const put = require('../put.js') +const rm = require('../rm.js') +const verify = require('../verify.js') +const setLocale = require('../lib/util/y.js').setLocale +const clearMemoized = require('../lib/memoization.js').clearMemoized +const tmp = require('../lib/util/tmp.js') + +setLocale('en') + +const x = module.exports + +x.ls = cache => ls(cache) +x.ls.stream = cache => ls.stream(cache) + +x.get = (cache, key, opts) => get(cache, key, opts) +x.get.byDigest = (cache, hash, opts) => get.byDigest(cache, hash, opts) +x.get.stream = (cache, key, opts) => get.stream(cache, key, opts) +x.get.stream.byDigest = (cache, hash, opts) => get.stream.byDigest(cache, hash, opts) +x.get.info = (cache, key) => get.info(cache, key) +x.get.hasContent = (cache, hash) => get.hasContent(cache, hash) + +x.put = (cache, key, data, opts) => put(cache, key, data, opts) +x.put.stream = (cache, key, opts) => put.stream(cache, key, opts) + +x.rm = (cache, key) => rm.entry(cache, key) +x.rm.all = cache => rm.all(cache) +x.rm.entry = x.rm +x.rm.content = (cache, hash) => rm.content(cache, hash) + +x.setLocale = lang => setLocale(lang) +x.clearMemoized = () => clearMemoized() + +x.tmp = {} +x.tmp.mkdir = (cache, opts) => tmp.mkdir(cache, opts) +x.tmp.withTmp = (cache, opts, cb) => tmp.withTmp(cache, opts, cb) + +x.verify = (cache, opts) => verify(cache, opts) +x.verify.lastRun = cache => verify.lastRun(cache) diff --git a/deps/npm/node_modules/cacache/locales/en.json b/deps/npm/node_modules/cacache/locales/en.json new file mode 100644 index 0000000000..82ecb08324 --- /dev/null +++ b/deps/npm/node_modules/cacache/locales/en.json @@ -0,0 +1,6 @@ +{ + "No cache entry for `%s` found in `%s`": "No cache entry for %s found in %s", + "Integrity verification failed for %s (%s)": "Integrity verification failed for %s (%s)", + "Bad data size: expected inserted data to be %s bytes, but got %s instead": "Bad data size: expected inserted data to be %s bytes, but got %s instead", + "Cache input stream was empty": "Cache input stream was empty" +} diff --git a/deps/npm/node_modules/cacache/locales/es.js b/deps/npm/node_modules/cacache/locales/es.js new file mode 100644 index 0000000000..6cb9d0c0d2 --- /dev/null +++ b/deps/npm/node_modules/cacache/locales/es.js @@ -0,0 +1,44 @@ +'use strict' + +const ls = require('../ls.js') +const get = require('../get.js') +const put = require('../put.js') +const rm = require('../rm.js') +const verify = require('../verify.js') +const setLocale = require('../lib/util/y.js').setLocale +const clearMemoized = require('../lib/memoization.js').clearMemoized +const tmp = require('../lib/util/tmp.js') + +setLocale('es') + +const x = module.exports + +x.ls = cache => ls(cache) +x.ls.flujo = cache => ls.stream(cache) + +x.saca = (cache, clave, ops) => get(cache, clave, ops) +x.saca.porHacheo = (cache, hacheo, ops) => get.byDigest(cache, hacheo, ops) +x.saca.flujo = (cache, clave, ops) => get.stream(cache, clave, ops) +x.saca.flujo.porHacheo = (cache, hacheo, ops) => get.stream.byDigest(cache, hacheo, ops) +x.saca.info = (cache, clave) => get.info(cache, clave) +x.saca.tieneDatos = (cache, hacheo) => get.hasContent(cache, hacheo) + +x.mete = (cache, clave, datos, ops) => put(cache, clave, datos, ops) +x.mete.flujo = (cache, clave, ops) => put.stream(cache, clave, ops) + +x.rm = (cache, clave) => rm.entry(cache, clave) +x.rm.todo = cache => rm.all(cache) +x.rm.entrada = x.rm +x.rm.datos = (cache, hacheo) => rm.content(cache, hacheo) + +x.ponLenguaje = lang => setLocale(lang) +x.limpiaMemoizado = () => clearMemoized() + +x.tmp = {} +x.tmp.mkdir = (cache, ops) => tmp.mkdir(cache, ops) +x.tmp.hazdir = x.tmp.mkdir +x.tmp.conTmp = (cache, ops, cb) => tmp.withTmp(cache, ops, cb) + +x.verifica = (cache, ops) => verify(cache, ops) +x.verifica.ultimaVez = cache => verify.lastRun(cache) +x.verifica.últimaVez = x.verifica.ultimaVez diff --git a/deps/npm/node_modules/cacache/locales/es.json b/deps/npm/node_modules/cacache/locales/es.json new file mode 100644 index 0000000000..a91d76225b --- /dev/null +++ b/deps/npm/node_modules/cacache/locales/es.json @@ -0,0 +1,6 @@ +{ + "No cache entry for `%s` found in `%s`": "No existe ninguna entrada para «%s» en «%s»", + "Integrity verification failed for %s (%s)": "Verificación de integridad falló para «%s» (%s)", + "Bad data size: expected inserted data to be %s bytes, but got %s instead": "Tamaño incorrecto de datos: los datos insertados debieron haber sido %s octetos, pero fueron %s", + "Cache input stream was empty": "El stream de entrada al caché estaba vacío" +} diff --git a/deps/npm/node_modules/cacache/node_modules/y18n/LICENSE b/deps/npm/node_modules/cacache/node_modules/y18n/LICENSE new file mode 100644 index 0000000000..3c157f0b9d --- /dev/null +++ b/deps/npm/node_modules/cacache/node_modules/y18n/LICENSE @@ -0,0 +1,13 @@ +Copyright (c) 2015, Contributors + +Permission to use, copy, modify, and/or distribute this software for any purpose +with or without fee is hereby granted, provided that the above copyright notice +and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF +THIS SOFTWARE. diff --git a/deps/npm/node_modules/cacache/node_modules/y18n/README.md b/deps/npm/node_modules/cacache/node_modules/y18n/README.md new file mode 100644 index 0000000000..9859458f20 --- /dev/null +++ b/deps/npm/node_modules/cacache/node_modules/y18n/README.md @@ -0,0 +1,91 @@ +# y18n + +[![Build Status][travis-image]][travis-url] +[![Coverage Status][coveralls-image]][coveralls-url] +[![NPM version][npm-image]][npm-url] +[![js-standard-style][standard-image]][standard-url] + +The bare-bones internationalization library used by yargs. + +Inspired by [i18n](https://www.npmjs.com/package/i18n). + +## Examples + +_simple string translation:_ + +```js +var __ = require('y18n').__ + +console.log(__('my awesome string %s', 'foo')) +``` + +output: + +`my awesome string foo` + +_pluralization support:_ + +```js +var __n = require('y18n').__n + +console.log(__n('one fish %s', '%d fishes %s', 2, 'foo')) +``` + +output: + +`2 fishes foo` + +## JSON Language Files + +The JSON language files should be stored in a `./locales` folder. +File names correspond to locales, e.g., `en.json`, `pirate.json`. + +When strings are observed for the first time they will be +added to the JSON file corresponding to the current locale. + +## Methods + +### require('y18n')(config) + +Create an instance of y18n with the config provided, options include: + +* `directory`: the locale directory, default `./locales`. +* `updateFiles`: should newly observed strings be updated in file, default `true`. +* `locale`: what locale should be used. +* `fallbackToLanguage`: should fallback to a language-only file (e.g. `en.json`) + be allowed if a file matching the locale does not exist (e.g. `en_US.json`), + default `true`. + +### y18n.\_\_(str, arg, arg, arg) + +Print a localized string, `%s` will be replaced with `arg`s. + +### y18n.\_\_n(singularString, pluralString, count, arg, arg, arg) + +Print a localized string with appropriate pluralization. If `%d` is provided +in the string, the `count` will replace this placeholder. + +### y18n.setLocale(str) + +Set the current locale being used. + +### y18n.getLocale() + +What locale is currently being used? + +### y18n.updateLocale(obj) + +Update the current locale with the key value pairs in `obj`. + +## License + +ISC + +[travis-url]: https://travis-ci.org/yargs/y18n +[travis-image]: https://img.shields.io/travis/yargs/y18n.svg +[coveralls-url]: https://coveralls.io/github/yargs/y18n +[coveralls-image]: https://img.shields.io/coveralls/yargs/y18n.svg +[npm-url]: https://npmjs.org/package/y18n +[npm-image]: https://img.shields.io/npm/v/y18n.svg +[standard-image]: https://img.shields.io/badge/code%20style-standard-brightgreen.svg +[standard-url]: https://github.com/feross/standard diff --git a/deps/npm/node_modules/cacache/node_modules/y18n/index.js b/deps/npm/node_modules/cacache/node_modules/y18n/index.js new file mode 100644 index 0000000000..91b159e342 --- /dev/null +++ b/deps/npm/node_modules/cacache/node_modules/y18n/index.js @@ -0,0 +1,172 @@ +var fs = require('fs') +var path = require('path') +var util = require('util') + +function Y18N (opts) { + // configurable options. + opts = opts || {} + this.directory = opts.directory || './locales' + this.updateFiles = typeof opts.updateFiles === 'boolean' ? opts.updateFiles : true + this.locale = opts.locale || 'en' + this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true + + // internal stuff. + this.cache = {} + this.writeQueue = [] +} + +Y18N.prototype.__ = function () { + var args = Array.prototype.slice.call(arguments) + var str = args.shift() + var cb = function () {} // start with noop. + + if (typeof args[args.length - 1] === 'function') cb = args.pop() + cb = cb || function () {} // noop. + + if (!this.cache[this.locale]) this._readLocaleFile() + + // we've observed a new string, update the language file. + if (!this.cache[this.locale][str] && this.updateFiles) { + this.cache[this.locale][str] = str + + // include the current directory and locale, + // since these values could change before the + // write is performed. + this._enqueueWrite([this.directory, this.locale, cb]) + } else { + cb() + } + + return util.format.apply(util, [this.cache[this.locale][str] || str].concat(args)) +} + +Y18N.prototype._enqueueWrite = function (work) { + this.writeQueue.push(work) + if (this.writeQueue.length === 1) this._processWriteQueue() +} + +Y18N.prototype._processWriteQueue = function () { + var _this = this + var work = this.writeQueue[0] + + // destructure the enqueued work. + var directory = work[0] + var locale = work[1] + var cb = work[2] + + var languageFile = this._resolveLocaleFile(directory, locale) + var serializedLocale = JSON.stringify(this.cache[locale], null, 2) + + fs.writeFile(languageFile, serializedLocale, 'utf-8', function (err) { + _this.writeQueue.shift() + if (_this.writeQueue.length > 0) _this._processWriteQueue() + cb(err) + }) +} + +Y18N.prototype._readLocaleFile = function () { + var localeLookup = {} + var languageFile = this._resolveLocaleFile(this.directory, this.locale) + + try { + localeLookup = JSON.parse(fs.readFileSync(languageFile, 'utf-8')) + } catch (err) { + if (err instanceof SyntaxError) { + err.message = 'syntax error in ' + languageFile + } + + if (err.code === 'ENOENT') localeLookup = {} + else throw err + } + + this.cache[this.locale] = localeLookup +} + +Y18N.prototype._resolveLocaleFile = function (directory, locale) { + var file = path.resolve(directory, './', locale + '.json') + if (this.fallbackToLanguage && !this._fileExistsSync(file) && ~locale.lastIndexOf('_')) { + // attempt fallback to language only + var languageFile = path.resolve(directory, './', locale.split('_')[0] + '.json') + if (this._fileExistsSync(languageFile)) file = languageFile + } + return file +} + +// this only exists because fs.existsSync() "will be deprecated" +// see https://nodejs.org/api/fs.html#fs_fs_existssync_path +Y18N.prototype._fileExistsSync = function (file) { + try { + return fs.statSync(file).isFile() + } catch (err) { + return false + } +} + +Y18N.prototype.__n = function () { + var args = Array.prototype.slice.call(arguments) + var singular = args.shift() + var plural = args.shift() + var quantity = args.shift() + + var cb = function () {} // start with noop. + if (typeof args[args.length - 1] === 'function') cb = args.pop() + + if (!this.cache[this.locale]) this._readLocaleFile() + + var str = quantity === 1 ? singular : plural + if (this.cache[this.locale][singular]) { + str = this.cache[this.locale][singular][quantity === 1 ? 'one' : 'other'] + } + + // we've observed a new string, update the language file. + if (!this.cache[this.locale][singular] && this.updateFiles) { + this.cache[this.locale][singular] = { + one: singular, + other: plural + } + + // include the current directory and locale, + // since these values could change before the + // write is performed. + this._enqueueWrite([this.directory, this.locale, cb]) + } else { + cb() + } + + // if a %d placeholder is provided, add quantity + // to the arguments expanded by util.format. + var values = [str] + if (~str.indexOf('%d')) values.push(quantity) + + return util.format.apply(util, values.concat(args)) +} + +Y18N.prototype.setLocale = function (locale) { + this.locale = locale +} + +Y18N.prototype.getLocale = function () { + return this.locale +} + +Y18N.prototype.updateLocale = function (obj) { + if (!this.cache[this.locale]) this._readLocaleFile() + + for (var key in obj) { + this.cache[this.locale][key] = obj[key] + } +} + +module.exports = function (opts) { + var y18n = new Y18N(opts) + + // bind all functions to y18n, so that + // they can be used in isolation. + for (var key in y18n) { + if (typeof y18n[key] === 'function') { + y18n[key] = y18n[key].bind(y18n) + } + } + + return y18n +} diff --git a/deps/npm/node_modules/cacache/node_modules/y18n/package.json b/deps/npm/node_modules/cacache/node_modules/y18n/package.json new file mode 100644 index 0000000000..a96457708a --- /dev/null +++ b/deps/npm/node_modules/cacache/node_modules/y18n/package.json @@ -0,0 +1,65 @@ +{ + "_from": "y18n@^3.2.1", + "_id": "y18n@3.2.1", + "_inBundle": false, + "_integrity": "sha1-bRX7qITAhnnA136I53WegR4H+kE=", + "_location": "/cacache/y18n", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "y18n@^3.2.1", + "name": "y18n", + "escapedName": "y18n", + "rawSpec": "^3.2.1", + "saveSpec": null, + "fetchSpec": "^3.2.1" + }, + "_requiredBy": [ + "/cacache" + ], + "_resolved": "https://registry.npmjs.org/y18n/-/y18n-3.2.1.tgz", + "_shasum": "6d15fba884c08679c0d77e88e7759e811e07fa41", + "_spec": "y18n@^3.2.1", + "_where": "/Users/zkat/Documents/code/npm/node_modules/cacache", + "author": { + "name": "Ben Coe", + "email": "ben@npmjs.com" + }, + "bugs": { + "url": "https://github.com/yargs/y18n/issues" + }, + "bundleDependencies": false, + "deprecated": false, + "description": "the bare-bones internationalization library used by yargs", + "devDependencies": { + "chai": "^3.4.1", + "coveralls": "^2.11.6", + "mocha": "^2.3.4", + "nyc": "^6.1.1", + "rimraf": "^2.5.0", + "standard": "^5.4.1" + }, + "files": [ + "index.js" + ], + "homepage": "https://github.com/yargs/y18n", + "keywords": [ + "i18n", + "internationalization", + "yargs" + ], + "license": "ISC", + "main": "index.js", + "name": "y18n", + "repository": { + "type": "git", + "url": "git+ssh://git@github.com/yargs/y18n.git" + }, + "scripts": { + "coverage": "nyc report --reporter=text-lcov | coveralls", + "pretest": "standard", + "test": "nyc mocha" + }, + "version": "3.2.1" +} diff --git a/deps/npm/node_modules/cacache/package.json b/deps/npm/node_modules/cacache/package.json index b39b2d2104..26b8e826f2 100644 --- a/deps/npm/node_modules/cacache/package.json +++ b/deps/npm/node_modules/cacache/package.json @@ -1,34 +1,34 @@ { - "_from": "cacache@~9.0.0", - "_id": "cacache@9.0.0", - "_integrity": "sha1-7c9iADCw+/NwgZPwcYE27tshcKQ=", + "_from": "cacache@9.2.5", + "_id": "cacache@9.2.5", + "_inBundle": false, + "_integrity": "sha512-mURsTvkjbCSFRTdkuPhHUp9sbEHn3AVrvM4mveg/bhlKKYolfRm23TsFUVAssC9p622lwmh7pgpb+H5mSVpYcA==", "_location": "/cacache", "_phantomChildren": {}, "_requested": { - "type": "range", + "type": "version", "registry": true, - "raw": "cacache@~9.0.0", + "raw": "cacache@9.2.5", "name": "cacache", "escapedName": "cacache", - "rawSpec": "~9.0.0", + "rawSpec": "9.2.5", "saveSpec": null, - "fetchSpec": "~9.0.0" + "fetchSpec": "9.2.5" }, "_requiredBy": [ + "#USER", "/", "/pacote", "/pacote/make-fetch-happen" ], - "_resolved": "https://registry.npmjs.org/cacache/-/cacache-9.0.0.tgz", - "_shasum": "edcf620030b0fbf3708193f0718136eedb2170a4", - "_shrinkwrap": null, - "_spec": "cacache@~9.0.0", - "_where": "/Users/zkat/Documents/code/npm", + "_resolved": "https://registry.npmjs.org/cacache/-/cacache-9.2.5.tgz", + "_shasum": "cb401d0e59858532062de1f104097cb40c71c3bf", + "_spec": "cacache@9.2.5", + "_where": "/Users/rebecca/code/npm", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" }, - "bin": null, "bugs": { "url": "https://github.com/zkat/cacache/issues" }, @@ -56,37 +56,40 @@ } ], "dependencies": { - "bluebird": "^3.4.7", + "bluebird": "^3.5.0", "chownr": "^1.0.1", - "glob": "^7.1.1", - "graceful-fs": "^4.1.10", + "glob": "^7.1.2", + "graceful-fs": "^4.1.11", "lru-cache": "^4.0.2", - "mississippi": "^1.2.0", + "mississippi": "^1.3.0", "mkdirp": "^0.5.1", - "move-concurrently": "^1.0.0", + "move-concurrently": "^1.0.1", "promise-inflight": "^1.0.1", "rimraf": "^2.6.1", - "ssri": "^4.1.2", - "unique-filename": "^1.1.0" + "ssri": "^4.1.3", + "unique-filename": "^1.1.0", + "y18n": "^3.2.1" }, "deprecated": false, "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", "devDependencies": { "benchmark": "^2.1.4", "chalk": "^1.1.3", - "nyc": "^10.2.0", + "cross-env": "^5.0.0", + "nyc": "^10.3.2", "require-inject": "^1.4.0", "safe-buffer": "^5.0.1", "standard": "^10.0.2", "standard-version": "^4.0.0", "tacks": "^1.2.2", "tap": "^10.3.2", - "weallbehave": "^1.0.0", + "weallbehave": "^1.2.0", "weallcontribute": "^1.0.8" }, "files": [ "*.js", - "lib" + "lib", + "locales" ], "homepage": "https://github.com/zkat/cacache#readme", "keywords": [ @@ -107,8 +110,6 @@ "license": "CC0-1.0", "main": "index.js", "name": "cacache", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git+https://github.com/zkat/cacache.git" @@ -119,10 +120,10 @@ "prerelease": "npm t", "pretest": "standard lib test *.js", "release": "standard-version -s", - "test": "nyc --all -- tap -J test/*.js", + "test": "cross-env CACACHE_UPDATE_LOCALE_FILES=true nyc --all -- tap -J test/*.js", "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test", "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, - "version": "9.0.0" + "version": "9.2.5" } diff --git a/deps/npm/node_modules/glob/glob.js b/deps/npm/node_modules/glob/glob.js index bfdd7a11b8..58dec0f6c2 100644 --- a/deps/npm/node_modules/glob/glob.js +++ b/deps/npm/node_modules/glob/glob.js @@ -153,9 +153,7 @@ function Glob (pattern, options, cb) { } var self = this - var n = this.minimatch.set.length this._processing = 0 - this.matches = new Array(n) this._emitQueue = [] this._processQueue = [] diff --git a/deps/npm/node_modules/glob/node_modules/minimatch/package.json b/deps/npm/node_modules/glob/node_modules/minimatch/package.json index aa259b0ee8..c329ba0534 100644 --- a/deps/npm/node_modules/glob/node_modules/minimatch/package.json +++ b/deps/npm/node_modules/glob/node_modules/minimatch/package.json @@ -1,45 +1,43 @@ { - "_from": "minimatch@^3.0.2", - "_id": "minimatch@3.0.3", - "_integrity": "sha1-Kk5AkLlrLbBqnX3wEFWmKnfJt3Q=", + "_from": "minimatch@^3.0.4", + "_id": "minimatch@3.0.4", + "_inBundle": false, + "_integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", "_location": "/glob/minimatch", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, - "raw": "minimatch@^3.0.2", + "raw": "minimatch@^3.0.4", "name": "minimatch", "escapedName": "minimatch", - "rawSpec": "^3.0.2", + "rawSpec": "^3.0.4", "saveSpec": null, - "fetchSpec": "^3.0.2" + "fetchSpec": "^3.0.4" }, "_requiredBy": [ "/glob" ], - "_resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.3.tgz", - "_shasum": "2a4e4090b96b2db06a9d7df01055a62a77c9b774", - "_shrinkwrap": null, - "_spec": "minimatch@^3.0.2", + "_resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", + "_shasum": "5166e286457f03306064be5497e8dbb0c3d32083", + "_spec": "minimatch@^3.0.4", "_where": "/Users/zkat/Documents/code/npm/node_modules/glob", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", "url": "http://blog.izs.me" }, - "bin": null, "bugs": { "url": "https://github.com/isaacs/minimatch/issues" }, "bundleDependencies": false, "dependencies": { - "brace-expansion": "^1.0.0" + "brace-expansion": "^1.1.7" }, "deprecated": false, "description": "a glob matcher in javascript", "devDependencies": { - "standard": "^3.7.2", - "tap": "^5.6.0" + "tap": "^10.3.2" }, "engines": { "node": "*" @@ -51,15 +49,15 @@ "license": "ISC", "main": "minimatch.js", "name": "minimatch", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git://github.com/isaacs/minimatch.git" }, "scripts": { - "posttest": "standard minimatch.js test/*.js", - "test": "tap test/*.js" + "postpublish": "git push origin --all; git push origin --tags", + "postversion": "npm publish", + "preversion": "npm test", + "test": "tap test/*.js --cov" }, - "version": "3.0.3" + "version": "3.0.4" } diff --git a/deps/npm/node_modules/glob/package.json b/deps/npm/node_modules/glob/package.json index e218af7143..82971fc8bf 100644 --- a/deps/npm/node_modules/glob/package.json +++ b/deps/npm/node_modules/glob/package.json @@ -1,20 +1,22 @@ { - "_from": "glob@~7.1.1", - "_id": "glob@7.1.1", - "_integrity": "sha1-gFIR3wT6rxxjo2ADBs31reULLsg=", + "_from": "glob@7.1.2", + "_id": "glob@7.1.2", + "_inBundle": false, + "_integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==", "_location": "/glob", "_phantomChildren": {}, "_requested": { - "type": "range", + "type": "version", "registry": true, - "raw": "glob@~7.1.1", + "raw": "glob@7.1.2", "name": "glob", "escapedName": "glob", - "rawSpec": "~7.1.1", + "rawSpec": "7.1.2", "saveSpec": null, - "fetchSpec": "~7.1.1" + "fetchSpec": "7.1.2" }, "_requiredBy": [ + "#USER", "/", "/cacache", "/init-package-json", @@ -26,17 +28,15 @@ "/tap", "/tap/tap-mocha-reporter" ], - "_resolved": "https://registry.npmjs.org/glob/-/glob-7.1.1.tgz", - "_shasum": "805211df04faaf1c63a3600306cdf5ade50b2ec8", - "_shrinkwrap": null, - "_spec": "glob@~7.1.1", + "_resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz", + "_shasum": "c19c9df9a028702d678612384a6552404c636d15", + "_spec": "glob@7.1.2", "_where": "/Users/zkat/Documents/code/npm", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", "url": "http://blog.izs.me/" }, - "bin": null, "bugs": { "url": "https://github.com/isaacs/node-glob/issues" }, @@ -45,7 +45,7 @@ "fs.realpath": "^1.0.0", "inflight": "^1.0.4", "inherits": "2", - "minimatch": "^3.0.2", + "minimatch": "^3.0.4", "once": "^1.3.0", "path-is-absolute": "^1.0.0" }, @@ -69,8 +69,6 @@ "license": "ISC", "main": "glob.js", "name": "glob", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git://github.com/isaacs/node-glob.git" @@ -84,5 +82,5 @@ "test": "tap test/*.js --cov", "test-regen": "npm run profclean && TEST_REGEN=1 node test/00-setup.js" }, - "version": "7.1.1" + "version": "7.1.2" } diff --git a/deps/npm/node_modules/pacote/CHANGELOG.md b/deps/npm/node_modules/pacote/CHANGELOG.md index 4c24dd4be2..55c0cda686 100644 --- a/deps/npm/node_modules/pacote/CHANGELOG.md +++ b/deps/npm/node_modules/pacote/CHANGELOG.md @@ -2,6 +2,97 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +<a name="2.7.21"></a> +## [2.7.21](https://github.com/zkat/pacote/compare/v2.7.20...v2.7.21) (2017-05-25) + + +### Bug Fixes + +* **registry:** stop URIEncoding username/password ([011c9a2](https://github.com/zkat/pacote/commit/011c9a2)) + + + +<a name="2.7.20"></a> +## [2.7.20](https://github.com/zkat/pacote/compare/v2.7.19...v2.7.20) (2017-05-25) + + +### Bug Fixes + +* **registry:** encode username and password for auth ([c48b651](https://github.com/zkat/pacote/commit/c48b651)) + + + +<a name="2.7.19"></a> +## [2.7.19](https://github.com/zkat/pacote/compare/v2.7.18...v2.7.19) (2017-05-25) + + +### Bug Fixes + +* **registry:** respect alwaysAuth ([150788a](https://github.com/zkat/pacote/commit/150788a)) + + + +<a name="2.7.18"></a> +## [2.7.18](https://github.com/zkat/pacote/compare/v2.7.17...v2.7.18) (2017-05-25) + + +### Bug Fixes + +* **cache:** pass uid/gid settings through to mfh ([d8845df](https://github.com/zkat/pacote/commit/d8845df)) +* **deps:** update m-f-h for cache opts fix ([faab6cd](https://github.com/zkat/pacote/commit/faab6cd)) + + + +<a name="2.7.17"></a> +## [2.7.17](https://github.com/zkat/pacote/compare/v2.7.16...v2.7.17) (2017-05-25) + + +### Bug Fixes + +* **deps:** bump cacache ([34bd656](https://github.com/zkat/pacote/commit/34bd656)) + + + +<a name="2.7.16"></a> +## [2.7.16](https://github.com/zkat/pacote/compare/v2.7.15...v2.7.16) (2017-05-24) + + +### Bug Fixes + +* **deps:** pull in various fixes from deps ([4354703](https://github.com/zkat/pacote/commit/4354703)) + + + +<a name="2.7.15"></a> +## [2.7.15](https://github.com/zkat/pacote/compare/v2.7.14...v2.7.15) (2017-05-24) + + +### Bug Fixes + +* **proxy:** bump m-f-h with more patches ([26d4170](https://github.com/zkat/pacote/commit/26d4170)) + + + +<a name="2.7.14"></a> +## [2.7.14](https://github.com/zkat/pacote/compare/v2.7.13...v2.7.14) (2017-05-24) + + +### Bug Fixes + +* **proxy:** pull in new m-f-h with fixed http proxies ([d6a14e0](https://github.com/zkat/pacote/commit/d6a14e0)) + + + +<a name="2.7.13"></a> +## [2.7.13](https://github.com/zkat/pacote/compare/v2.7.12...v2.7.13) (2017-05-23) + + +### Bug Fixes + +* **deps:** bump dep versions to fix http redirect issues ([b23a9fa](https://github.com/zkat/pacote/commit/b23a9fa)) + + + <a name="2.7.12"></a> ## [2.7.12](https://github.com/zkat/pacote/compare/v2.7.11...v2.7.12) (2017-05-16) diff --git a/deps/npm/node_modules/pacote/lib/fetchers/registry/fetch.js b/deps/npm/node_modules/pacote/lib/fetchers/registry/fetch.js index 914053c79f..46a926a1a1 100644 --- a/deps/npm/node_modules/pacote/lib/fetchers/registry/fetch.js +++ b/deps/npm/node_modules/pacote/lib/fetchers/registry/fetch.js @@ -1,5 +1,6 @@ 'use strict' +const BB = require('bluebird') const Buffer = require('safe-buffer').Buffer const checkWarnings = require('./check-warning-header') @@ -19,10 +20,13 @@ function regFetch (uri, registry, opts) { integrity: opts.integrity, memoize: opts.memoize, noProxy: opts.noProxy, + Promise: BB, proxy: opts.proxy, referer: opts.refer, retry: opts.retry, - timeout: opts.timeout + timeout: opts.timeout, + uid: opts.uid, + gid: opts.gid }).then(res => { if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { opts.log.warn('notice', res.headers.get('npm-notice')) @@ -75,14 +79,17 @@ function getHeaders (uri, registry, opts) { }, opts.headers) const auth = ( opts.auth && - // If these two are on different hosts, don't send credentials. - // This is mainly used by the tarball fetcher. - url.parse(uri).host === url.parse(registry).host && opts.auth[registryKey(registry)] ) - if (auth && auth.token) { + // If a tarball is hosted on a different place than the manifest, only send + // credentials on `alwaysAuth` + const shouldAuth = auth && ( + auth.alwaysAuth || + url.parse(uri).host === url.parse(registry).host + ) + if (shouldAuth && auth.token) { headers.authorization = `Bearer ${auth.token}` - } else if (auth && opts.alwaysAuth && auth.username && auth.password) { + } else if (shouldAuth && auth.username && auth.password) { const encoded = Buffer.from( `${auth.username}:${auth.password}`, 'utf8' ).toString('base64') diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/CHANGELOG.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/CHANGELOG.md index 0164c37d81..854388027b 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/CHANGELOG.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/CHANGELOG.md @@ -2,6 +2,68 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +<a name="2.4.9"></a> +## [2.4.9](https://github.com/zkat/make-fetch-happen/compare/v2.4.8...v2.4.9) (2017-05-25) + + +### Bug Fixes + +* **cache:** use the passed-in promise for resolving cache stuff ([4c46257](https://github.com/zkat/make-fetch-happen/commit/4c46257)) + + + +<a name="2.4.8"></a> +## [2.4.8](https://github.com/zkat/make-fetch-happen/compare/v2.4.7...v2.4.8) (2017-05-25) + + +### Bug Fixes + +* **cache:** pass uid/gid/Promise through to cache ([a847c92](https://github.com/zkat/make-fetch-happen/commit/a847c92)) + + + +<a name="2.4.7"></a> +## [2.4.7](https://github.com/zkat/make-fetch-happen/compare/v2.4.6...v2.4.7) (2017-05-24) + + +### Bug Fixes + +* **deps:** pull in various fixes from deps ([fc2a587](https://github.com/zkat/make-fetch-happen/commit/fc2a587)) + + + +<a name="2.4.6"></a> +## [2.4.6](https://github.com/zkat/make-fetch-happen/compare/v2.4.5...v2.4.6) (2017-05-24) + + +### Bug Fixes + +* **proxy:** choose agent for http(s)-proxy by protocol of destUrl ([ea4832a](https://github.com/zkat/make-fetch-happen/commit/ea4832a)) +* **proxy:** make socks proxy working ([1de810a](https://github.com/zkat/make-fetch-happen/commit/1de810a)) +* **proxy:** revert previous proxy solution ([563b0d8](https://github.com/zkat/make-fetch-happen/commit/563b0d8)) + + + +<a name="2.4.5"></a> +## [2.4.5](https://github.com/zkat/make-fetch-happen/compare/v2.4.4...v2.4.5) (2017-05-24) + + +### Bug Fixes + +* **proxy:** use the destination url when determining agent ([1a714e7](https://github.com/zkat/make-fetch-happen/commit/1a714e7)) + + + +<a name="2.4.4"></a> +## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23) + + +### Bug Fixes + +* **redirect:** handle redirects explicitly (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54)) + + + <a name="2.4.3"></a> ## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06) diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/agent.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/agent.js index fb97208a02..0100498947 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/agent.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/agent.js @@ -34,7 +34,7 @@ function getAgent (uri, opts) { } if (pxuri) { - const proxy = getProxy(pxuri, opts) + const proxy = getProxy(pxuri, opts, isHttps) AGENT_CACHE.set(key, proxy) return proxy } @@ -120,7 +120,7 @@ function getProxyUri (uri, opts) { let HttpProxyAgent let HttpsProxyAgent let SocksProxyAgent -function getProxy (proxyUrl, opts) { +function getProxy (proxyUrl, opts, isHttps) { let popts = { host: proxyUrl.hostname, port: proxyUrl.port, @@ -134,21 +134,22 @@ function getProxy (proxyUrl, opts) { rejectUnauthorized: opts.strictSSL } - if (proxyUrl.protocol === 'http:') { - if (!HttpProxyAgent) { - HttpProxyAgent = require('http-proxy-agent') - } + if (proxyUrl.protocol === 'http:' || proxyUrl.protocol === 'https:') { + if (!isHttps) { + if (!HttpProxyAgent) { + HttpProxyAgent = require('http-proxy-agent') + } - return new HttpProxyAgent(popts) - } - if (proxyUrl.protocol === 'https:') { - if (!HttpsProxyAgent) { - HttpsProxyAgent = require('https-proxy-agent') - } + return new HttpProxyAgent(popts) + } else { + if (!HttpsProxyAgent) { + HttpsProxyAgent = require('https-proxy-agent') + } - return new HttpsProxyAgent(popts) + return new HttpsProxyAgent(popts) + } } - if (proxyUrl.startsWith('socks')) { + if (proxyUrl.protocol.startsWith('socks')) { if (!SocksProxyAgent) { SocksProxyAgent = require('socks-proxy-agent') } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/cache.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/cache.js index 85d755e8a5..9aeae6b2f8 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/cache.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/cache.js @@ -95,7 +95,7 @@ module.exports = class Cache { } }) } - return Promise.resolve(new fetch.Response(body, { + return this.Promise.resolve(new fetch.Response(body, { url: req.url, headers: resHeaders, status: 200, diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/index.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/index.js index 1eadece3c9..18a2893538 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/index.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/index.js @@ -1,6 +1,7 @@ 'use strict' let Cache +const url = require('url') const CachePolicy = require('http-cache-semantics') const fetch = require('node-fetch-npm') const pkg = require('./package.json') @@ -10,6 +11,7 @@ const Stream = require('stream') const getAgent = require('./agent') const setWarning = require('./warning') +const isURL = /^https?:/ const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})` const RETRY_ERRORS = [ @@ -50,7 +52,7 @@ function initializeCache (opts) { Cache = require('./cache') } - opts.cacheManager = new Cache(opts.cacheManager) + opts.cacheManager = new Cache(opts.cacheManager, opts) } opts.cache = opts.cache || 'default' @@ -303,8 +305,9 @@ function remoteFetch (uri, opts) { follow: opts.follow, headers: new fetch.Headers(headers), method: opts.method, - redirect: opts.redirect, + redirect: 'manual', size: opts.size, + counter: opts.counter, timeout: opts.timeout } @@ -357,7 +360,59 @@ function remoteFetch (uri, opts) { return retryHandler(res) } - return res + if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') { + return res + } + + // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch + if (opts.redirect === 'error') { + const err = new Error(`redirect mode is set to error: ${uri}`) + err.code = 'ENOREDIRECT' + throw err + } + + if (!res.headers.get('location')) { + const err = new Error(`redirect location header missing at: ${uri}`) + err.code = 'EINVALIDREDIRECT' + throw err + } + + if (req.counter >= req.follow) { + const err = new Error(`maximum redirect reached at: ${uri}`) + err.code = 'EMAXREDIRECT' + throw err + } + + const resolvedUrl = url.resolve(req.url, res.headers.get('location')) + let redirectURL = url.parse(resolvedUrl) + + if (isURL.test(res.headers.get('location'))) { + redirectURL = url.parse(res.headers.get('location')) + } + + // Remove authorization if changing hostnames (but not if just + // changing ports or protocols). This matches the behavior of request: + // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138 + if (url.parse(req.url).hostname !== redirectURL.hostname) { + req.headers.delete('authorization') + } + + // for POST request with 301/302 response, or any request with 303 response, + // use GET when following redirect + if (res.status === 303 || + ((res.status === 301 || res.status === 302) && req.method === 'POST')) { + opts.method = 'GET' + opts.body = null + req.headers.delete('content-length') + } + + opts.headers = {} + req.headers.forEach((value, name) => { + opts.headers[name] = value + }) + + opts.counter = ++req.counter + return cachingFetch(resolvedUrl, opts) }) .catch(err => { const code = err.code === 'EPROMISERETRY' ? err.retried.code : err.code diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/History.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/History.md index b1729dbc72..b159587050 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/History.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/History.md @@ -1,4 +1,9 @@ +1.2.1 / 2017-05-19 +================== + + * fix: package.json to reduce vulnerabilities (#3) + 1.2.0 / 2016-05-21 ================== diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/LICENSE b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/LICENSE new file mode 100644 index 0000000000..89de354795 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/LICENSE @@ -0,0 +1,17 @@ +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/index.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/index.js index e904c7054b..6a522b16b3 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/index.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/index.js @@ -2,11 +2,11 @@ * Helpers. */ -var s = 1000 -var m = s * 60 -var h = m * 60 -var d = h * 24 -var y = d * 365.25 +var s = 1000; +var m = s * 60; +var h = m * 60; +var d = h * 24; +var y = d * 365.25; /** * Parse or format the given `val`. @@ -22,18 +22,19 @@ var y = d * 365.25 * @api public */ -module.exports = function (val, options) { - options = options || {} - var type = typeof val +module.exports = function(val, options) { + options = options || {}; + var type = typeof val; if (type === 'string' && val.length > 0) { - return parse(val) + return parse(val); } else if (type === 'number' && isNaN(val) === false) { - return options.long ? - fmtLong(val) : - fmtShort(val) + return options.long ? fmtLong(val) : fmtShort(val); } - throw new Error('val is not a non-empty string or a valid number. val=' + JSON.stringify(val)) -} + throw new Error( + 'val is not a non-empty string or a valid number. val=' + + JSON.stringify(val) + ); +}; /** * Parse the given `str` and return milliseconds. @@ -44,53 +45,55 @@ module.exports = function (val, options) { */ function parse(str) { - str = String(str) - if (str.length > 10000) { - return + str = String(str); + if (str.length > 100) { + return; } - var match = /^((?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|years?|yrs?|y)?$/i.exec(str) + var match = /^((?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|years?|yrs?|y)?$/i.exec( + str + ); if (!match) { - return + return; } - var n = parseFloat(match[1]) - var type = (match[2] || 'ms').toLowerCase() + var n = parseFloat(match[1]); + var type = (match[2] || 'ms').toLowerCase(); switch (type) { case 'years': case 'year': case 'yrs': case 'yr': case 'y': - return n * y + return n * y; case 'days': case 'day': case 'd': - return n * d + return n * d; case 'hours': case 'hour': case 'hrs': case 'hr': case 'h': - return n * h + return n * h; case 'minutes': case 'minute': case 'mins': case 'min': case 'm': - return n * m + return n * m; case 'seconds': case 'second': case 'secs': case 'sec': case 's': - return n * s + return n * s; case 'milliseconds': case 'millisecond': case 'msecs': case 'msec': case 'ms': - return n + return n; default: - return undefined + return undefined; } } @@ -104,18 +107,18 @@ function parse(str) { function fmtShort(ms) { if (ms >= d) { - return Math.round(ms / d) + 'd' + return Math.round(ms / d) + 'd'; } if (ms >= h) { - return Math.round(ms / h) + 'h' + return Math.round(ms / h) + 'h'; } if (ms >= m) { - return Math.round(ms / m) + 'm' + return Math.round(ms / m) + 'm'; } if (ms >= s) { - return Math.round(ms / s) + 's' + return Math.round(ms / s) + 's'; } - return ms + 'ms' + return ms + 'ms'; } /** @@ -131,7 +134,7 @@ function fmtLong(ms) { plural(ms, h, 'hour') || plural(ms, m, 'minute') || plural(ms, s, 'second') || - ms + ' ms' + ms + ' ms'; } /** @@ -140,10 +143,10 @@ function fmtLong(ms) { function plural(ms, n, name) { if (ms < n) { - return + return; } if (ms < n * 1.5) { - return Math.floor(ms / n) + ' ' + name + return Math.floor(ms / n) + ' ' + name; } - return Math.ceil(ms / n) + ' ' + name + 's' + return Math.ceil(ms / n) + ' ' + name + 's'; } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/package.json index 186ca293c9..5bf17fa25e 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/package.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/package.json @@ -1,72 +1,69 @@ { - "_from": "ms@~0.7.0", - "_id": "ms@0.7.3", - "_integrity": "sha1-cIFVpeROM/X9D8U+gdDUCpG+H/8=", + "_from": "ms@^2.0.0", + "_id": "ms@2.0.0", + "_inBundle": false, + "_integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", "_location": "/pacote/make-fetch-happen/agentkeepalive/humanize-ms/ms", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, - "raw": "ms@~0.7.0", + "raw": "ms@^2.0.0", "name": "ms", "escapedName": "ms", - "rawSpec": "~0.7.0", + "rawSpec": "^2.0.0", "saveSpec": null, - "fetchSpec": "~0.7.0" + "fetchSpec": "^2.0.0" }, "_requiredBy": [ "/pacote/make-fetch-happen/agentkeepalive/humanize-ms" ], - "_resolved": "https://registry.npmjs.org/ms/-/ms-0.7.3.tgz", - "_shasum": "708155a5e44e33f5fd0fc53e81d0d40a91be1fff", - "_shrinkwrap": null, - "_spec": "ms@~0.7.0", + "_resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "_shasum": "5608aeadfc00be6c2901df5f9861788de0d597c8", + "_spec": "ms@^2.0.0", "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms", - "bin": null, "bugs": { "url": "https://github.com/zeit/ms/issues" }, "bundleDependencies": false, - "component": { - "scripts": { - "ms/index.js": "index.js" - } - }, - "dependencies": {}, "deprecated": false, "description": "Tiny milisecond conversion utility", "devDependencies": { + "eslint": "3.19.0", "expect.js": "0.3.1", - "mocha": "3.0.2", - "serve": "5.0.1", - "xo": "0.17.0" + "husky": "0.13.3", + "lint-staged": "3.4.1", + "mocha": "3.4.1" + }, + "eslintConfig": { + "extends": "eslint:recommended", + "env": { + "node": true, + "es6": true + } }, "files": [ "index.js" ], "homepage": "https://github.com/zeit/ms#readme", "license": "MIT", + "lint-staged": { + "*.js": [ + "npm run lint", + "prettier --single-quote --write", + "git add" + ] + }, "main": "./index", "name": "ms", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git+https://github.com/zeit/ms.git" }, "scripts": { - "test": "xo && mocha test/index.js", - "test-browser": "serve ./test" + "lint": "eslint lib/* bin/*", + "precommit": "lint-staged", + "test": "mocha tests.js" }, - "version": "0.7.3", - "xo": { - "space": true, - "semicolon": false, - "envs": [ - "mocha" - ], - "rules": { - "complexity": 0 - } - } + "version": "2.0.0" } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/readme.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/readme.md index 5b475707d8..84a9974ccc 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/readme.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/node_modules/ms/readme.md @@ -1,8 +1,7 @@ # ms [](https://travis-ci.org/zeit/ms) -[](https://github.com/sindresorhus/xo) -[](https://zeit.chat/) +[](https://zeit.chat/) Use this package to easily convert various time formats to milliseconds. diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/package.json index a10e71dd99..14ea394c4b 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/package.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive/node_modules/humanize-ms/package.json @@ -1,7 +1,8 @@ { "_from": "humanize-ms@^1.2.0", - "_id": "humanize-ms@1.2.0", - "_integrity": "sha1-TWkaH6G4eYl4mvjljN39VQYi5NQ=", + "_id": "humanize-ms@1.2.1", + "_inBundle": false, + "_integrity": "sha1-xG4xWaKT9riW2ikxbYtv6Lt5u+0=", "_location": "/pacote/make-fetch-happen/agentkeepalive/humanize-ms", "_phantomChildren": {}, "_requested": { @@ -17,9 +18,8 @@ "_requiredBy": [ "/pacote/make-fetch-happen/agentkeepalive" ], - "_resolved": "https://registry.npmjs.org/humanize-ms/-/humanize-ms-1.2.0.tgz", - "_shasum": "4d691a1fa1b87989789af8e58cddfd550622e4d4", - "_shrinkwrap": null, + "_resolved": "https://registry.npmjs.org/humanize-ms/-/humanize-ms-1.2.1.tgz", + "_shasum": "c46e3159a293f6b896da29316d8b6fe8bb79bbed", "_spec": "humanize-ms@^1.2.0", "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/agentkeepalive", "author": { @@ -27,13 +27,12 @@ "email": "dead_horse@qq.com", "url": "http://deadhorse.me" }, - "bin": null, "bugs": { "url": "https://github.com/node-modules/humanize-ms/issues" }, "bundleDependencies": false, "dependencies": { - "ms": "~0.7.0" + "ms": "^2.0.0" }, "deprecated": false, "description": "transform humanize time to ms", @@ -56,8 +55,6 @@ "license": "MIT", "main": "index.js", "name": "humanize-ms", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git+https://github.com/node-modules/humanize-ms.git" @@ -65,5 +62,5 @@ "scripts": { "test": "make test" }, - "version": "1.2.0" + "version": "1.2.1" } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/CHANGELOG.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/CHANGELOG.md index a9def50cf8..3dfb812968 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/CHANGELOG.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/CHANGELOG.md @@ -1,8 +1,15 @@ -2.6.6 / 2017-04-27 +2.6.8 / 2017-05-18 ================== - * Fix: regression from removal of undefined check (@thebigredgeek) + * Fix: Check for undefined on browser globals (#462, @marbemac) + +2.6.7 / 2017-05-16 +================== + + * Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @hubdotcom) + * Fix: Inline extend function in node implementation (#452, @dougwilson) + * Docs: Fix typo (#455, @msasad) 2.6.5 / 2017-04-27 ================== diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/README.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/README.md index 9b70a382f9..bc59ae86e8 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/README.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/README.md @@ -100,7 +100,7 @@ Then, run the program to be debugged as usual. | Name | Purpose | |-----------|-------------------------------------------------| -| `DEBUG` | Enables/disabled specific debugging namespaces. | +| `DEBUG` | Enables/disables specific debugging namespaces. | | `DEBUG_COLORS`| Whether or not to use colors in the debug output. | | `DEBUG_DEPTH` | Object inspection depth. | | `DEBUG_SHOW_HIDDEN` | Shows hidden properties on inspected objects. | diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/component.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/component.json index 0705b91aa7..94cd36d8b6 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/component.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/component.json @@ -2,7 +2,7 @@ "name": "debug", "repo": "visionmedia/debug", "description": "small debugging utility", - "version": "2.6.6", + "version": "2.6.8", "keywords": [ "debug", "log", diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/index.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/index.js index e904c7054b..6a522b16b3 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/index.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/index.js @@ -2,11 +2,11 @@ * Helpers. */ -var s = 1000 -var m = s * 60 -var h = m * 60 -var d = h * 24 -var y = d * 365.25 +var s = 1000; +var m = s * 60; +var h = m * 60; +var d = h * 24; +var y = d * 365.25; /** * Parse or format the given `val`. @@ -22,18 +22,19 @@ var y = d * 365.25 * @api public */ -module.exports = function (val, options) { - options = options || {} - var type = typeof val +module.exports = function(val, options) { + options = options || {}; + var type = typeof val; if (type === 'string' && val.length > 0) { - return parse(val) + return parse(val); } else if (type === 'number' && isNaN(val) === false) { - return options.long ? - fmtLong(val) : - fmtShort(val) + return options.long ? fmtLong(val) : fmtShort(val); } - throw new Error('val is not a non-empty string or a valid number. val=' + JSON.stringify(val)) -} + throw new Error( + 'val is not a non-empty string or a valid number. val=' + + JSON.stringify(val) + ); +}; /** * Parse the given `str` and return milliseconds. @@ -44,53 +45,55 @@ module.exports = function (val, options) { */ function parse(str) { - str = String(str) - if (str.length > 10000) { - return + str = String(str); + if (str.length > 100) { + return; } - var match = /^((?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|years?|yrs?|y)?$/i.exec(str) + var match = /^((?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|years?|yrs?|y)?$/i.exec( + str + ); if (!match) { - return + return; } - var n = parseFloat(match[1]) - var type = (match[2] || 'ms').toLowerCase() + var n = parseFloat(match[1]); + var type = (match[2] || 'ms').toLowerCase(); switch (type) { case 'years': case 'year': case 'yrs': case 'yr': case 'y': - return n * y + return n * y; case 'days': case 'day': case 'd': - return n * d + return n * d; case 'hours': case 'hour': case 'hrs': case 'hr': case 'h': - return n * h + return n * h; case 'minutes': case 'minute': case 'mins': case 'min': case 'm': - return n * m + return n * m; case 'seconds': case 'second': case 'secs': case 'sec': case 's': - return n * s + return n * s; case 'milliseconds': case 'millisecond': case 'msecs': case 'msec': case 'ms': - return n + return n; default: - return undefined + return undefined; } } @@ -104,18 +107,18 @@ function parse(str) { function fmtShort(ms) { if (ms >= d) { - return Math.round(ms / d) + 'd' + return Math.round(ms / d) + 'd'; } if (ms >= h) { - return Math.round(ms / h) + 'h' + return Math.round(ms / h) + 'h'; } if (ms >= m) { - return Math.round(ms / m) + 'm' + return Math.round(ms / m) + 'm'; } if (ms >= s) { - return Math.round(ms / s) + 's' + return Math.round(ms / s) + 's'; } - return ms + 'ms' + return ms + 'ms'; } /** @@ -131,7 +134,7 @@ function fmtLong(ms) { plural(ms, h, 'hour') || plural(ms, m, 'minute') || plural(ms, s, 'second') || - ms + ' ms' + ms + ' ms'; } /** @@ -140,10 +143,10 @@ function fmtLong(ms) { function plural(ms, n, name) { if (ms < n) { - return + return; } if (ms < n * 1.5) { - return Math.floor(ms / n) + ' ' + name + return Math.floor(ms / n) + ' ' + name; } - return Math.ceil(ms / n) + ' ' + name + 's' + return Math.ceil(ms / n) + ' ' + name + 's'; } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/package.json index 28311e8bda..6c1e6fc3cc 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/package.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/package.json @@ -1,72 +1,69 @@ { - "_from": "ms@0.7.3", - "_id": "ms@0.7.3", - "_integrity": "sha1-cIFVpeROM/X9D8U+gdDUCpG+H/8=", + "_from": "ms@2.0.0", + "_id": "ms@2.0.0", + "_inBundle": false, + "_integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", "_location": "/pacote/make-fetch-happen/http-proxy-agent/debug/ms", "_phantomChildren": {}, "_requested": { "type": "version", "registry": true, - "raw": "ms@0.7.3", + "raw": "ms@2.0.0", "name": "ms", "escapedName": "ms", - "rawSpec": "0.7.3", + "rawSpec": "2.0.0", "saveSpec": null, - "fetchSpec": "0.7.3" + "fetchSpec": "2.0.0" }, "_requiredBy": [ "/pacote/make-fetch-happen/http-proxy-agent/debug" ], - "_resolved": "https://registry.npmjs.org/ms/-/ms-0.7.3.tgz", - "_shasum": "708155a5e44e33f5fd0fc53e81d0d40a91be1fff", - "_shrinkwrap": null, - "_spec": "ms@0.7.3", + "_resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "_shasum": "5608aeadfc00be6c2901df5f9861788de0d597c8", + "_spec": "ms@2.0.0", "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug", - "bin": null, "bugs": { "url": "https://github.com/zeit/ms/issues" }, "bundleDependencies": false, - "component": { - "scripts": { - "ms/index.js": "index.js" - } - }, - "dependencies": {}, "deprecated": false, "description": "Tiny milisecond conversion utility", "devDependencies": { + "eslint": "3.19.0", "expect.js": "0.3.1", - "mocha": "3.0.2", - "serve": "5.0.1", - "xo": "0.17.0" + "husky": "0.13.3", + "lint-staged": "3.4.1", + "mocha": "3.4.1" + }, + "eslintConfig": { + "extends": "eslint:recommended", + "env": { + "node": true, + "es6": true + } }, "files": [ "index.js" ], "homepage": "https://github.com/zeit/ms#readme", "license": "MIT", + "lint-staged": { + "*.js": [ + "npm run lint", + "prettier --single-quote --write", + "git add" + ] + }, "main": "./index", "name": "ms", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git+https://github.com/zeit/ms.git" }, "scripts": { - "test": "xo && mocha test/index.js", - "test-browser": "serve ./test" + "lint": "eslint lib/* bin/*", + "precommit": "lint-staged", + "test": "mocha tests.js" }, - "version": "0.7.3", - "xo": { - "space": true, - "semicolon": false, - "envs": [ - "mocha" - ], - "rules": { - "complexity": 0 - } - } + "version": "2.0.0" } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/readme.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/readme.md index 5b475707d8..84a9974ccc 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/readme.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/node_modules/ms/readme.md @@ -1,8 +1,7 @@ # ms [](https://travis-ci.org/zeit/ms) -[](https://github.com/sindresorhus/xo) -[](https://zeit.chat/) +[](https://zeit.chat/) Use this package to easily convert various time formats to milliseconds. diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/package.json index dad9ab5dd0..1062dd985b 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/package.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/package.json @@ -1,7 +1,8 @@ { "_from": "debug@2", - "_id": "debug@2.6.6", - "_integrity": "sha1-qfpvvpykPPHnn3O3XAGJy7fW21o=", + "_id": "debug@2.6.8", + "_inBundle": false, + "_integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw=", "_location": "/pacote/make-fetch-happen/http-proxy-agent/debug", "_phantomChildren": {}, "_requested": { @@ -17,16 +18,14 @@ "_requiredBy": [ "/pacote/make-fetch-happen/http-proxy-agent" ], - "_resolved": "https://registry.npmjs.org/debug/-/debug-2.6.6.tgz", - "_shasum": "a9fa6fbe9ca43cf1e79f73b75c0189cbb7d6db5a", - "_shrinkwrap": null, + "_resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz", + "_shasum": "e731531ca2ede27d188222427da17821d68ff4fc", "_spec": "debug@2", "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent", "author": { "name": "TJ Holowaychuk", "email": "tj@vision-media.ca" }, - "bin": null, "browser": "./src/browser.js", "bugs": { "url": "https://github.com/visionmedia/debug/issues" @@ -50,7 +49,7 @@ } ], "dependencies": { - "ms": "0.7.3" + "ms": "2.0.0" }, "deprecated": false, "description": "small debugging utility", @@ -81,11 +80,9 @@ "license": "MIT", "main": "./src/index.js", "name": "debug", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git://github.com/visionmedia/debug.git" }, - "version": "2.6.6" + "version": "2.6.8" } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/src/browser.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/src/browser.js index 053f4b898c..7106924934 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/src/browser.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/src/browser.js @@ -46,14 +46,14 @@ function useColors() { // is webkit? http://stackoverflow.com/a/16459606/376773 // document is undefined in react-native: https://github.com/facebook/react-native/pull/1632 - return (typeof document !== 'undefined' && document && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) || + return (typeof document !== 'undefined' && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) || // is firebug? http://stackoverflow.com/a/398120/376773 - (typeof window !== 'undefined' && window && window.console && (window.console.firebug || (window.console.exception && window.console.table))) || + (typeof window !== 'undefined' && window.console && (window.console.firebug || (window.console.exception && window.console.table))) || // is firefox >= v31? // https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages - (typeof navigator !== 'undefined' && navigator && navigator.userAgent && navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/) && parseInt(RegExp.$1, 10) >= 31) || + (typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/) && parseInt(RegExp.$1, 10) >= 31) || // double check webkit in userAgent just in case we are in a worker - (typeof navigator !== 'undefined' && navigator && navigator.userAgent && navigator.userAgent.toLowerCase().match(/applewebkit\/(\d+)/)); + (typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/applewebkit\/(\d+)/)); } /** diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/src/node.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/src/node.js index 3c7407b6b7..af61297683 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/src/node.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/http-proxy-agent/node_modules/debug/src/node.js @@ -231,7 +231,12 @@ function createWritableStdioStream (fd) { */ function init (debug) { - debug.inspectOpts = util._extend({}, exports.inspectOpts); + debug.inspectOpts = {}; + + var keys = Object.keys(exports.inspectOpts); + for (var i = 0; i < keys.length; i++) { + debug.inspectOpts[keys[i]] = exports.inspectOpts[keys[i]]; + } } /** diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/CHANGELOG.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/CHANGELOG.md index a9def50cf8..3dfb812968 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/CHANGELOG.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/CHANGELOG.md @@ -1,8 +1,15 @@ -2.6.6 / 2017-04-27 +2.6.8 / 2017-05-18 ================== - * Fix: regression from removal of undefined check (@thebigredgeek) + * Fix: Check for undefined on browser globals (#462, @marbemac) + +2.6.7 / 2017-05-16 +================== + + * Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @hubdotcom) + * Fix: Inline extend function in node implementation (#452, @dougwilson) + * Docs: Fix typo (#455, @msasad) 2.6.5 / 2017-04-27 ================== diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/README.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/README.md index 9b70a382f9..bc59ae86e8 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/README.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/README.md @@ -100,7 +100,7 @@ Then, run the program to be debugged as usual. | Name | Purpose | |-----------|-------------------------------------------------| -| `DEBUG` | Enables/disabled specific debugging namespaces. | +| `DEBUG` | Enables/disables specific debugging namespaces. | | `DEBUG_COLORS`| Whether or not to use colors in the debug output. | | `DEBUG_DEPTH` | Object inspection depth. | | `DEBUG_SHOW_HIDDEN` | Shows hidden properties on inspected objects. | diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/component.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/component.json index 0705b91aa7..94cd36d8b6 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/component.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/component.json @@ -2,7 +2,7 @@ "name": "debug", "repo": "visionmedia/debug", "description": "small debugging utility", - "version": "2.6.6", + "version": "2.6.8", "keywords": [ "debug", "log", diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/index.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/index.js index e904c7054b..6a522b16b3 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/index.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/index.js @@ -2,11 +2,11 @@ * Helpers. */ -var s = 1000 -var m = s * 60 -var h = m * 60 -var d = h * 24 -var y = d * 365.25 +var s = 1000; +var m = s * 60; +var h = m * 60; +var d = h * 24; +var y = d * 365.25; /** * Parse or format the given `val`. @@ -22,18 +22,19 @@ var y = d * 365.25 * @api public */ -module.exports = function (val, options) { - options = options || {} - var type = typeof val +module.exports = function(val, options) { + options = options || {}; + var type = typeof val; if (type === 'string' && val.length > 0) { - return parse(val) + return parse(val); } else if (type === 'number' && isNaN(val) === false) { - return options.long ? - fmtLong(val) : - fmtShort(val) + return options.long ? fmtLong(val) : fmtShort(val); } - throw new Error('val is not a non-empty string or a valid number. val=' + JSON.stringify(val)) -} + throw new Error( + 'val is not a non-empty string or a valid number. val=' + + JSON.stringify(val) + ); +}; /** * Parse the given `str` and return milliseconds. @@ -44,53 +45,55 @@ module.exports = function (val, options) { */ function parse(str) { - str = String(str) - if (str.length > 10000) { - return + str = String(str); + if (str.length > 100) { + return; } - var match = /^((?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|years?|yrs?|y)?$/i.exec(str) + var match = /^((?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|years?|yrs?|y)?$/i.exec( + str + ); if (!match) { - return + return; } - var n = parseFloat(match[1]) - var type = (match[2] || 'ms').toLowerCase() + var n = parseFloat(match[1]); + var type = (match[2] || 'ms').toLowerCase(); switch (type) { case 'years': case 'year': case 'yrs': case 'yr': case 'y': - return n * y + return n * y; case 'days': case 'day': case 'd': - return n * d + return n * d; case 'hours': case 'hour': case 'hrs': case 'hr': case 'h': - return n * h + return n * h; case 'minutes': case 'minute': case 'mins': case 'min': case 'm': - return n * m + return n * m; case 'seconds': case 'second': case 'secs': case 'sec': case 's': - return n * s + return n * s; case 'milliseconds': case 'millisecond': case 'msecs': case 'msec': case 'ms': - return n + return n; default: - return undefined + return undefined; } } @@ -104,18 +107,18 @@ function parse(str) { function fmtShort(ms) { if (ms >= d) { - return Math.round(ms / d) + 'd' + return Math.round(ms / d) + 'd'; } if (ms >= h) { - return Math.round(ms / h) + 'h' + return Math.round(ms / h) + 'h'; } if (ms >= m) { - return Math.round(ms / m) + 'm' + return Math.round(ms / m) + 'm'; } if (ms >= s) { - return Math.round(ms / s) + 's' + return Math.round(ms / s) + 's'; } - return ms + 'ms' + return ms + 'ms'; } /** @@ -131,7 +134,7 @@ function fmtLong(ms) { plural(ms, h, 'hour') || plural(ms, m, 'minute') || plural(ms, s, 'second') || - ms + ' ms' + ms + ' ms'; } /** @@ -140,10 +143,10 @@ function fmtLong(ms) { function plural(ms, n, name) { if (ms < n) { - return + return; } if (ms < n * 1.5) { - return Math.floor(ms / n) + ' ' + name + return Math.floor(ms / n) + ' ' + name; } - return Math.ceil(ms / n) + ' ' + name + 's' + return Math.ceil(ms / n) + ' ' + name + 's'; } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/package.json index e1a8785c3d..edaef6e355 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/package.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/package.json @@ -1,72 +1,69 @@ { - "_from": "ms@0.7.3", - "_id": "ms@0.7.3", - "_integrity": "sha1-cIFVpeROM/X9D8U+gdDUCpG+H/8=", + "_from": "ms@2.0.0", + "_id": "ms@2.0.0", + "_inBundle": false, + "_integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", "_location": "/pacote/make-fetch-happen/https-proxy-agent/debug/ms", "_phantomChildren": {}, "_requested": { "type": "version", "registry": true, - "raw": "ms@0.7.3", + "raw": "ms@2.0.0", "name": "ms", "escapedName": "ms", - "rawSpec": "0.7.3", + "rawSpec": "2.0.0", "saveSpec": null, - "fetchSpec": "0.7.3" + "fetchSpec": "2.0.0" }, "_requiredBy": [ "/pacote/make-fetch-happen/https-proxy-agent/debug" ], - "_resolved": "https://registry.npmjs.org/ms/-/ms-0.7.3.tgz", - "_shasum": "708155a5e44e33f5fd0fc53e81d0d40a91be1fff", - "_shrinkwrap": null, - "_spec": "ms@0.7.3", + "_resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "_shasum": "5608aeadfc00be6c2901df5f9861788de0d597c8", + "_spec": "ms@2.0.0", "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug", - "bin": null, "bugs": { "url": "https://github.com/zeit/ms/issues" }, "bundleDependencies": false, - "component": { - "scripts": { - "ms/index.js": "index.js" - } - }, - "dependencies": {}, "deprecated": false, "description": "Tiny milisecond conversion utility", "devDependencies": { + "eslint": "3.19.0", "expect.js": "0.3.1", - "mocha": "3.0.2", - "serve": "5.0.1", - "xo": "0.17.0" + "husky": "0.13.3", + "lint-staged": "3.4.1", + "mocha": "3.4.1" + }, + "eslintConfig": { + "extends": "eslint:recommended", + "env": { + "node": true, + "es6": true + } }, "files": [ "index.js" ], "homepage": "https://github.com/zeit/ms#readme", "license": "MIT", + "lint-staged": { + "*.js": [ + "npm run lint", + "prettier --single-quote --write", + "git add" + ] + }, "main": "./index", "name": "ms", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git+https://github.com/zeit/ms.git" }, "scripts": { - "test": "xo && mocha test/index.js", - "test-browser": "serve ./test" + "lint": "eslint lib/* bin/*", + "precommit": "lint-staged", + "test": "mocha tests.js" }, - "version": "0.7.3", - "xo": { - "space": true, - "semicolon": false, - "envs": [ - "mocha" - ], - "rules": { - "complexity": 0 - } - } + "version": "2.0.0" } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/readme.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/readme.md index 5b475707d8..84a9974ccc 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/readme.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/node_modules/ms/readme.md @@ -1,8 +1,7 @@ # ms [](https://travis-ci.org/zeit/ms) -[](https://github.com/sindresorhus/xo) -[](https://zeit.chat/) +[](https://zeit.chat/) Use this package to easily convert various time formats to milliseconds. diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/package.json index 49f3bb4fd4..ac0f1e8a9b 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/package.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/package.json @@ -1,7 +1,8 @@ { "_from": "debug@2", - "_id": "debug@2.6.6", - "_integrity": "sha1-qfpvvpykPPHnn3O3XAGJy7fW21o=", + "_id": "debug@2.6.8", + "_inBundle": false, + "_integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw=", "_location": "/pacote/make-fetch-happen/https-proxy-agent/debug", "_phantomChildren": {}, "_requested": { @@ -17,16 +18,14 @@ "_requiredBy": [ "/pacote/make-fetch-happen/https-proxy-agent" ], - "_resolved": "https://registry.npmjs.org/debug/-/debug-2.6.6.tgz", - "_shasum": "a9fa6fbe9ca43cf1e79f73b75c0189cbb7d6db5a", - "_shrinkwrap": null, + "_resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz", + "_shasum": "e731531ca2ede27d188222427da17821d68ff4fc", "_spec": "debug@2", "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent", "author": { "name": "TJ Holowaychuk", "email": "tj@vision-media.ca" }, - "bin": null, "browser": "./src/browser.js", "bugs": { "url": "https://github.com/visionmedia/debug/issues" @@ -50,7 +49,7 @@ } ], "dependencies": { - "ms": "0.7.3" + "ms": "2.0.0" }, "deprecated": false, "description": "small debugging utility", @@ -81,11 +80,9 @@ "license": "MIT", "main": "./src/index.js", "name": "debug", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git://github.com/visionmedia/debug.git" }, - "version": "2.6.6" + "version": "2.6.8" } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/src/browser.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/src/browser.js index 053f4b898c..7106924934 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/src/browser.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/src/browser.js @@ -46,14 +46,14 @@ function useColors() { // is webkit? http://stackoverflow.com/a/16459606/376773 // document is undefined in react-native: https://github.com/facebook/react-native/pull/1632 - return (typeof document !== 'undefined' && document && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) || + return (typeof document !== 'undefined' && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) || // is firebug? http://stackoverflow.com/a/398120/376773 - (typeof window !== 'undefined' && window && window.console && (window.console.firebug || (window.console.exception && window.console.table))) || + (typeof window !== 'undefined' && window.console && (window.console.firebug || (window.console.exception && window.console.table))) || // is firefox >= v31? // https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages - (typeof navigator !== 'undefined' && navigator && navigator.userAgent && navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/) && parseInt(RegExp.$1, 10) >= 31) || + (typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/) && parseInt(RegExp.$1, 10) >= 31) || // double check webkit in userAgent just in case we are in a worker - (typeof navigator !== 'undefined' && navigator && navigator.userAgent && navigator.userAgent.toLowerCase().match(/applewebkit\/(\d+)/)); + (typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/applewebkit\/(\d+)/)); } /** diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/src/node.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/src/node.js index 3c7407b6b7..af61297683 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/src/node.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/https-proxy-agent/node_modules/debug/src/node.js @@ -231,7 +231,12 @@ function createWritableStdioStream (fd) { */ function init (debug) { - debug.inspectOpts = util._extend({}, exports.inspectOpts); + debug.inspectOpts = {}; + + var keys = Object.keys(exports.inspectOpts); + for (var i = 0; i < keys.length; i++) { + debug.inspectOpts[keys[i]] = exports.inspectOpts[keys[i]]; + } } /** diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/CHANGELOG.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/CHANGELOG.md index ec77cdd023..e007b99929 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/CHANGELOG.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/CHANGELOG.md @@ -2,6 +2,16 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +<a name="2.0.1"></a> +## [2.0.1](https://github.com/npm/node-fetch-npm/compare/v2.0.0...v2.0.1) (2017-05-24) + + +### Bug Fixes + +* **json:** improve JSON parse error reporting ([1c810df](https://github.com/npm/node-fetch-npm/commit/1c810df)) + + + <a name="2.0.0"></a> # [2.0.0](https://github.com/npm/node-fetch-npm/compare/v1.0.1...v2.0.0) (2017-05-06) diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/.editorconfig b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/.editorconfig new file mode 100644 index 0000000000..fb7f73a832 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/.editorconfig @@ -0,0 +1,14 @@ +root = true + +[*] +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true + +[*.js, **/*.js] +indent_size = 4 +indent_style = space + +[{package.json,.travis.yml}] +indent_size = 2 +indent_style = space diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/.npmignore b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/.npmignore new file mode 100644 index 0000000000..59d842baa8 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/.npmignore @@ -0,0 +1,28 @@ +# Logs +logs +*.log + +# Runtime data +pids +*.pid +*.seed + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage + +# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Compiled binary addons (http://nodejs.org/api/addons.html) +build/Release + +# Dependency directory +# Commenting this out is preferred by some people, see +# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git- +node_modules + +# Users Environment Variables +.lock-wscript diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/LICENSE b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/LICENSE new file mode 100644 index 0000000000..c3d2eb3550 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2015 Sam Mikes + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/README.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/README.md new file mode 100644 index 0000000000..ffad93584b --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/README.md @@ -0,0 +1,29 @@ +# json-parse-helpfulerror + +A drop-in replacement for `JSON.parse` that uses +<https://npmjs.org/jju> to provide more useful error messages in the +event of a parse error. + +# Example + +## Installation + +``` +npm i -S json-parse-helpfulerror +``` + +## Use + +```js +var jph = require('json-parse-helpfulerror'); + +var notJSON = "{'foo': 3}"; // keys must be double-quoted in JSON + +JSON.parse(notJSON); // throws unhelpful error + +jph.parse("{'foo': 3}") // throws more helpful error: "Unexpected token '\''..." +``` + +# License + +MIT
\ No newline at end of file diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/index.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/index.js new file mode 100644 index 0000000000..15648b017b --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/index.js @@ -0,0 +1,21 @@ +'use strict'; + +var jju = require('jju'); + +function parse(text, reviver) { + try { + return JSON.parse(text, reviver); + } catch (err) { + // we expect this to throw with a more informative message + jju.parse(text, { + mode: 'json', + reviver: reviver + }); + + // backup if jju is not as strict as JSON.parse; re-throw error + // data-dependent code path, I do not know how to cover it + throw err; + } +} + +exports.parse = parse; diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/.npmignore b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/.npmignore new file mode 100644 index 0000000000..5ae40150ee --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/.npmignore @@ -0,0 +1,9 @@ +package.json +node_modules +test +benchmark +docs +examples +/.editorconfig +/.eslint* +/.travis.yml diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/LICENSE b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/LICENSE new file mode 100644 index 0000000000..5c93f45654 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/LICENSE @@ -0,0 +1,13 @@ + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + Version 2, December 2004 + + Copyright (C) 2004 Sam Hocevar <sam@hocevar.net> + + Everyone is permitted to copy and distribute verbatim or modified + copies of this license document, and changing it is allowed as long + as the name is changed. + + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. You just DO WHAT THE FUCK YOU WANT TO. diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/README.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/README.md new file mode 100644 index 0000000000..3d61083fb0 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/README.md @@ -0,0 +1,242 @@ +`jju` - a set of utilities to work with JSON / JSON5 documents + +[](https://www.npmjs.org/package/jju) +[](https://travis-ci.org/rlidwka/jju) +[](https://www.npmjs.org/package/jju) + +## Installation + +``` +npm install jju +``` + +## Usage + +This module provides following functions: + +1. [jju.parse()](#jjuparse-function) parses json/json5 text and returns a javascript value it corresponds to +2. [jju.stringify()](#jjustringify-function) converts javascript value to an appropriate json/json5 text +3. [jju.tokenize()](#jjutokenize-function) parses json/json5 text and returns an array of tokens it consists of ([see demo](http://rlidwka.github.io/jju/tokenizer.html)) +4. [jju.analyze()](#jjuanalyze-function) parses json/json5 text and tries to guess indentation, quoting style, etc. +5. [jju.update()](#jjuupdate-function) changes json/json5 text, preserving original formatting as much as possible ([see demo](http://rlidwka.github.io/jju/editor.html)) + +All functions are able to work with a standard JSON documents. `jju.parse()` and `jju.stringify()` are better in some cases, but slower than native `JSON.parse()` and `JSON.stringify()` versions. Detailed description see below. + +### jju.parse() function + +```javascript +/* + * Main syntax: + * + * `text` - text to parse, type: String + * `options` - parser options, type: Object + */ +jju.parse(text[, options]) + +// compatibility syntax +jju.parse(text[, reviver]) +``` + +Options: + + - reserved\_keys - what to do with reserved keys (String, default="ignore") + - "ignore" - ignore reserved keys + - "throw" - throw SyntaxError in case of reserved keys + - "replace" - replace reserved keys, this is the default JSON.parse behaviour, unsafe + + Reserved keys are keys that exist in an empty object (`hasOwnProperty`, `__proto__`, etc.). + +```javascript +// 'ignore' will cause reserved keys to be ignored: +parse('{hasOwnProperty: 1}', {reserved_keys: 'ignore'}) == {} +parse('{hasOwnProperty: 1, x: 2}', {reserved_keys: 'ignore'}).hasOwnProperty('x') == true + +// 'throw' will cause SyntaxError in these cases: +parse('{hasOwnProperty: 1}', {reserved_keys: 'throw'}) == SyntaxError + +// 'replace' will replace reserved keys with new ones: +parse('{hasOwnProperty: 1}', {reserved_keys: 'throw'}) == {hasOwnProperty: 1} +parse('{hasOwnProperty: 1, x: 2}', {reserved_keys: 'ignore'}).hasOwnProperty('x') == TypeError +``` + + + - null\_prototype - create object as Object.create(null) instead of '{}' (Boolean) + + if `reserved_keys != 'replace'`, default is **false** + + if `reserved_keys == 'replace'`, default is **true** + + It is usually unsafe and not recommended to change this option to false in the last case. + + - reviver - reviver function - Function + + This function should follow JSON specification + + - mode - operation mode, set it to 'json' if you want to throw on non-strict json files (String) + +### jju.stringify() function + +```javascript +/* + * Main syntax: + * + * `value` - value to serialize, type: * + * `options` - serializer options, type: Object + */ +jju.stringify(value[, options]) + +// compatibility syntax +jju.stringify(value[, replacer [, indent]) +``` + +Options: + + - ascii - output ascii only (Boolean, default=false) + If this option is enabled, output will not have any characters except of 0x20-0x7f. + + - indent - indentation (String, Number or Boolean, default='\t') + This option follows JSON specification. + + - quote - enquoting char (String, "'" or '"', default="'") + - quote\_keys - whether keys quoting in objects is required or not (String, default=false) + If you want `{"q": 1}` instead of `{q: 1}`, set it to true. + + - sort\_keys - sort all keys while stringifying (Boolean or Function, default=false) + By default sort order will depend on implementation, with v8 it's insertion order. If set to `true`, all keys (but not arrays) will be sorted alphabetically. You can provide your own sorting function as well. + + - replacer - replacer function or array (Function or Array) + This option follows JSON specification. + + - no\_trailing\_comma = don't output trailing comma (Boolean, default=false) + If this option is set, arrays like this `[1,2,3,]` will never be generated. Otherwise they may be generated for pretty printing. + + - mode - operation mode, set it to 'json' if you want correct json in the output (String) + + Currently it's either 'json' or something else. If it is 'json', following options are implied: + + - options.quote = '"' + - options.no\_trailing\_comma = true + - options.quote\_keys = true + - '\x' literals are not used + +### jju.tokenize() function + +```javascript +/* + * Main syntax: + * + * `text` - text to tokenize, type: String + * `options` - parser options, type: Object + */ +jju.tokenize(text[, options]) +``` + +Options are the same as for the `jju.parse` function. + +Return value is an array of tokens, where each token is an object: + + - raw (String) - raw text of this token, if you join all raw's, you will get the original document + - type (String) - type of the token, can be `whitespace`, `comment`, `key`, `literal`, `separator` or `newline` + - stack (Array) - path to the current token in the syntax tree + - value - value of the token if token is a `key` or `literal` + +You can check tokenizer for yourself using [this demo](http://rlidwka.github.io/jju/tokenizer.html). + +### jju.analyze() function + +```javascript +/* + * Main syntax: + * + * `text` - text to analyze, type: String + * `options` - parser options, type: Object + */ +jju.analyze(text[, options]) +``` + +Options are the same as for the `jju.parse` function. + +Return value is an object defining a programming style in which the document was written. + + - indent (String) - preferred indentation + - newline (String) - preferred newline + - quote (String) - `"` or `'` depending on which quote is preferred + - quote\_keys (Boolean) - `true` if unquoted keys were used at least once + - has\_whitespace (Boolean) - `true` if input has a whitespace token + - has\_comments (Boolean) - `true` if input has a comment token + - has\_newlines (Boolean) - `true` if input has a newline token + - has\_trailing\_comma (Boolean) - `true` if input has at least one trailing comma + +### jju.update() function + +```javascript +/* + * Main syntax: + * + * `text` - original text, type: String + * `new_value` - new value you want to set + * `options` - parser or stringifier options, type: Object + */ +jju.update(text, new_value[, options]) +``` + +If you want to update a JSON document, here is the general approach: + +```javascript +// here is your original JSON document: +var input = '{"foo": "bar", "baz": 123}' + +// you need to parse it first: +var json = jju.parse(input, {mode: 'json'}) +// json is { foo: 'bar', baz: 123 } + +// then you can change it as you like: +json.foo = 'quux' +json.hello = 'world' + +// then you run an update function to change the original json: +var output = jju.update(input, json, {mode: 'json'}) +// output is '{"foo": "quux", "baz": 123, "hello": "world"}' +``` + +Look at [this demo](http://rlidwka.github.io/jju/editor.html) to test various types of json. + +## Advantages over existing JSON libraries + +In a few cases it makes sense to use this module instead of built-in JSON methods. + +Parser: + - better error reporting with source code and line numbers + +In case of syntax error, JSON.parse does not return any good information to the user. This module does: + +``` +$ node -e 'require("jju").parse("[1,1,1,1,invalid]")' + +SyntaxError: Unexpected token 'i' at 0:9 +[1,1,1,1,invalid] + ^ +``` + +This module is about 5 times slower, so if user experience matters to you more than performance, use this module. If you're working with a lot of machine-generated data, use JSON.parse instead. + +Stringifier: + - util.inspect-like pretty printing + +This module behaves more smart when dealing with object and arrays, and does not always print newlines in them: + +``` +$ node -e 'console.log(require("./").stringify([[,,,],,,[,,,,]], {mode:"json"}))' +[ + [null, null, null], + null, + null, + [null, null, null, null] +] +``` + +JSON.stringify will split this into 15 lines, and it's hard to read. + +Yet again, this feature comes with a performance hit, so if user experience matters to you more than performance, use this module. If your JSON will be consumed by machines, use JSON.stringify instead. + +As a rule of thumb, if you use "space" argument to indent your JSON, you'd better use this module instead. diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/index.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/index.js new file mode 100644 index 0000000000..50f1624963 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/index.js @@ -0,0 +1,32 @@ + +module.exports.__defineGetter__('parse', function() { + return require('./lib/parse').parse +}) + +module.exports.__defineGetter__('stringify', function() { + return require('./lib/stringify').stringify +}) + +module.exports.__defineGetter__('tokenize', function() { + return require('./lib/parse').tokenize +}) + +module.exports.__defineGetter__('update', function() { + return require('./lib/document').update +}) + +module.exports.__defineGetter__('analyze', function() { + return require('./lib/analyze').analyze +}) + +module.exports.__defineGetter__('utils', function() { + return require('./lib/utils') +}) + +/**package +{ "name": "jju", + "version": "0.0.0", + "dependencies": {"js-yaml": "*"}, + "scripts": {"postinstall": "js-yaml package.yaml > package.json ; npm install"} +} +**/ diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/analyze.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/analyze.js new file mode 100644 index 0000000000..39303b0969 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/analyze.js @@ -0,0 +1,91 @@ +/* + * Author: Alex Kocharin <alex@kocharin.ru> + * GIT: https://github.com/rlidwka/jju + * License: WTFPL, grab your copy here: http://www.wtfpl.net/txt/copying/ + */ + +var tokenize = require('./parse').tokenize + +module.exports.analyze = function analyzeJSON(input, options) { + if (options == null) options = {} + + if (!Array.isArray(input)) { + input = tokenize(input, options) + } + + var result = { + has_whitespace: false, + has_comments: false, + has_newlines: false, + has_trailing_comma: false, + indent: '', + newline: '\n', + quote: '"', + quote_keys: true, + } + + var stats = { + indent: {}, + newline: {}, + quote: {}, + } + + for (var i=0; i<input.length; i++) { + if (input[i].type === 'newline') { + if (input[i+1] && input[i+1].type === 'whitespace') { + if (input[i+1].raw[0] === '\t') { + // if first is tab, then indent is tab + stats.indent['\t'] = (stats.indent['\t'] || 0) + 1 + } + if (input[i+1].raw.match(/^\x20+$/)) { + // if all are spaces, then indent is space + // this can fail with mixed indent (4, 2 would display 3) + var ws_len = input[i+1].raw.length + var indent_len = input[i+1].stack.length + 1 + if (ws_len % indent_len === 0) { + var t = Array(ws_len / indent_len + 1).join(' ') + stats.indent[t] = (stats.indent[t] || 0) + 1 + } + } + } + + stats.newline[input[i].raw] = (stats.newline[input[i].raw] || 0) + 1 + } + + if (input[i].type === 'newline') { + result.has_newlines = true + } + if (input[i].type === 'whitespace') { + result.has_whitespace = true + } + if (input[i].type === 'comment') { + result.has_comments = true + } + if (input[i].type === 'key') { + if (input[i].raw[0] !== '"' && input[i].raw[0] !== "'") result.quote_keys = false + } + + if (input[i].type === 'key' || input[i].type === 'literal') { + if (input[i].raw[0] === '"' || input[i].raw[0] === "'") { + stats.quote[input[i].raw[0]] = (stats.quote[input[i].raw[0]] || 0) + 1 + } + } + + if (input[i].type === 'separator' && input[i].raw === ',') { + for (var j=i+1; j<input.length; j++) { + if (input[j].type === 'literal' || input[j].type === 'key') break + if (input[j].type === 'separator') result.has_trailing_comma = true + } + } + } + + for (var k in stats) { + if (Object.keys(stats[k]).length) { + result[k] = Object.keys(stats[k]).reduce(function(a, b) { + return stats[k][a] > stats[k][b] ? a : b + }) + } + } + + return result +} diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/document.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/document.js new file mode 100644 index 0000000000..af1a01a03d --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/document.js @@ -0,0 +1,484 @@ +/* + * Author: Alex Kocharin <alex@kocharin.ru> + * GIT: https://github.com/rlidwka/jju + * License: WTFPL, grab your copy here: http://www.wtfpl.net/txt/copying/ + */ + +var assert = require('assert') +var tokenize = require('./parse').tokenize +var stringify = require('./stringify').stringify +var analyze = require('./analyze').analyze + +function isObject(x) { + return typeof(x) === 'object' && x !== null +} + +function value_to_tokenlist(value, stack, options, is_key, indent) { + options = Object.create(options) + options._stringify_key = !!is_key + + if (indent) { + options._prefix = indent.prefix.map(function(x) { + return x.raw + }).join('') + } + + if (options._splitMin == null) options._splitMin = 0 + if (options._splitMax == null) options._splitMax = 0 + + var stringified = stringify(value, options) + + if (is_key) { + return [ { raw: stringified, type: 'key', stack: stack, value: value } ] + } + + options._addstack = stack + var result = tokenize(stringified, { + _addstack: stack, + }) + result.data = null + return result +} + +// '1.2.3' -> ['1','2','3'] +function arg_to_path(path) { + // array indexes + if (typeof(path) === 'number') path = String(path) + + if (path === '') path = [] + if (typeof(path) === 'string') path = path.split('.') + + if (!Array.isArray(path)) throw Error('Invalid path type, string or array expected') + return path +} + +// returns new [begin, end] or false if not found +// +// {x:3, xxx: 111, y: [111, {q: 1, e: 2} ,333] } +// f('y',0) returns this B^^^^^^^^^^^^^^^^^^^^^^^^E +// then f('1',1) would reduce it to B^^^^^^^^^^E +function find_element_in_tokenlist(element, lvl, tokens, begin, end) { + while(tokens[begin].stack[lvl] != element) { + if (begin++ >= end) return false + } + while(tokens[end].stack[lvl] != element) { + if (end-- < begin) return false + } + return [begin, end] +} + +function is_whitespace(token_type) { + return token_type === 'whitespace' + || token_type === 'newline' + || token_type === 'comment' +} + +function find_first_non_ws_token(tokens, begin, end) { + while(is_whitespace(tokens[begin].type)) { + if (begin++ >= end) return false + } + return begin +} + +function find_last_non_ws_token(tokens, begin, end) { + while(is_whitespace(tokens[end].type)) { + if (end-- < begin) return false + } + return end +} + +/* + * when appending a new element of an object/array, we are trying to + * figure out the style used on the previous element + * + * return {prefix, sep1, sep2, suffix} + * + * ' "key" : "element" \r\n' + * prefix^^^^ sep1^ ^^sep2 ^^^^^^^^suffix + * + * begin - the beginning of the object/array + * end - last token of the last element (value or comma usually) + */ +function detect_indent_style(tokens, is_array, begin, end, level) { + var result = { + sep1: [], + sep2: [], + suffix: [], + prefix: [], + newline: [], + } + + if (tokens[end].type === 'separator' && tokens[end].stack.length !== level+1 && tokens[end].raw !== ',') { + // either a beginning of the array (no last element) or other weird situation + // + // just return defaults + return result + } + + // ' "key" : "value" ,' + // skipping last separator, we're now here ^^ + if (tokens[end].type === 'separator') + end = find_last_non_ws_token(tokens, begin, end - 1) + if (end === false) return result + + // ' "key" : "value" ,' + // skipping value ^^^^^^^ + while(tokens[end].stack.length > level) end-- + + if (!is_array) { + while(is_whitespace(tokens[end].type)) { + if (end < begin) return result + if (tokens[end].type === 'whitespace') { + result.sep2.unshift(tokens[end]) + } else { + // newline, comment or other unrecognized codestyle + return result + } + end-- + } + + // ' "key" : "value" ,' + // skipping separator ^ + assert.equal(tokens[end].type, 'separator') + assert.equal(tokens[end].raw, ':') + while(is_whitespace(tokens[--end].type)) { + if (end < begin) return result + if (tokens[end].type === 'whitespace') { + result.sep1.unshift(tokens[end]) + } else { + // newline, comment or other unrecognized codestyle + return result + } + } + + assert.equal(tokens[end].type, 'key') + end-- + } + + // ' "key" : "value" ,' + // skipping key ^^^^^ + while(is_whitespace(tokens[end].type)) { + if (end < begin) return result + if (tokens[end].type === 'whitespace') { + result.prefix.unshift(tokens[end]) + } else if (tokens[end].type === 'newline') { + result.newline.unshift(tokens[end]) + return result + } else { + // comment or other unrecognized codestyle + return result + } + end-- + } + + return result +} + +function Document(text, options) { + var self = Object.create(Document.prototype) + + if (options == null) options = {} + //options._structure = true + var tokens = self._tokens = tokenize(text, options) + self._data = tokens.data + tokens.data = null + self._options = options + + var stats = analyze(text, options) + if (options.indent == null) { + options.indent = stats.indent + } + if (options.quote == null) { + options.quote = stats.quote + } + if (options.quote_keys == null) { + options.quote_keys = stats.quote_keys + } + if (options.no_trailing_comma == null) { + options.no_trailing_comma = !stats.has_trailing_comma + } + return self +} + +// return true if it's a proper object +// throw otherwise +function check_if_can_be_placed(key, object, is_unset) { + //if (object == null) return false + function error(add) { + return Error("You can't " + (is_unset ? 'unset' : 'set') + " key '" + key + "'" + add) + } + + if (!isObject(object)) { + throw error(' of an non-object') + } + if (Array.isArray(object)) { + // array, check boundary + if (String(key).match(/^\d+$/)) { + key = Number(String(key)) + if (object.length < key || (is_unset && object.length === key)) { + throw error(', out of bounds') + } else if (is_unset && object.length !== key+1) { + throw error(' in the middle of an array') + } else { + return true + } + } else { + throw error(' of an array') + } + } else { + // object + return true + } +} + +// usage: document.set('path.to.something', 'value') +// or: document.set(['path','to','something'], 'value') +Document.prototype.set = function(path, value) { + path = arg_to_path(path) + + // updating this._data and check for errors + if (path.length === 0) { + if (value === undefined) throw Error("can't remove root document") + this._data = value + var new_key = false + + } else { + var data = this._data + + for (var i=0; i<path.length-1; i++) { + check_if_can_be_placed(path[i], data, false) + data = data[path[i]] + } + if (i === path.length-1) { + check_if_can_be_placed(path[i], data, value === undefined) + } + + var new_key = !(path[i] in data) + + if (value === undefined) { + if (Array.isArray(data)) { + data.pop() + } else { + delete data[path[i]] + } + } else { + data[path[i]] = value + } + } + + // for inserting document + if (!this._tokens.length) + this._tokens = [ { raw: '', type: 'literal', stack: [], value: undefined } ] + + var position = [ + find_first_non_ws_token(this._tokens, 0, this._tokens.length - 1), + find_last_non_ws_token(this._tokens, 0, this._tokens.length - 1), + ] + for (var i=0; i<path.length-1; i++) { + position = find_element_in_tokenlist(path[i], i, this._tokens, position[0], position[1]) + if (position == false) throw Error('internal error, please report this') + } + // assume that i == path.length-1 here + + if (path.length === 0) { + var newtokens = value_to_tokenlist(value, path, this._options) + // all good + + } else if (!new_key) { + // replace old value with a new one (or deleting something) + var pos_old = position + position = find_element_in_tokenlist(path[i], i, this._tokens, position[0], position[1]) + + if (value === undefined && position !== false) { + // deleting element (position !== false ensures there's something) + var newtokens = [] + + if (!Array.isArray(data)) { + // removing element from an object, `{x:1, key:CURRENT} -> {x:1}` + // removing sep, literal and optional sep + // ':' + var pos2 = find_last_non_ws_token(this._tokens, pos_old[0], position[0] - 1) + assert.equal(this._tokens[pos2].type, 'separator') + assert.equal(this._tokens[pos2].raw, ':') + position[0] = pos2 + + // key + var pos2 = find_last_non_ws_token(this._tokens, pos_old[0], position[0] - 1) + assert.equal(this._tokens[pos2].type, 'key') + assert.equal(this._tokens[pos2].value, path[path.length-1]) + position[0] = pos2 + } + + // removing comma in arrays and objects + var pos2 = find_last_non_ws_token(this._tokens, pos_old[0], position[0] - 1) + assert.equal(this._tokens[pos2].type, 'separator') + if (this._tokens[pos2].raw === ',') { + position[0] = pos2 + } else { + // beginning of the array/object, so we should remove trailing comma instead + pos2 = find_first_non_ws_token(this._tokens, position[1] + 1, pos_old[1]) + assert.equal(this._tokens[pos2].type, 'separator') + if (this._tokens[pos2].raw === ',') { + position[1] = pos2 + } + } + + } else { + var indent = pos2 !== false + ? detect_indent_style(this._tokens, Array.isArray(data), pos_old[0], position[1] - 1, i) + : {} + var newtokens = value_to_tokenlist(value, path, this._options, false, indent) + } + + } else { + // insert new key, that's tricky + var path_1 = path.slice(0, i) + + // find a last separator after which we're inserting it + var pos2 = find_last_non_ws_token(this._tokens, position[0] + 1, position[1] - 1) + assert(pos2 !== false) + + var indent = pos2 !== false + ? detect_indent_style(this._tokens, Array.isArray(data), position[0] + 1, pos2, i) + : {} + + var newtokens = value_to_tokenlist(value, path, this._options, false, indent) + + // adding leading whitespaces according to detected codestyle + var prefix = [] + if (indent.newline && indent.newline.length) + prefix = prefix.concat(indent.newline) + if (indent.prefix && indent.prefix.length) + prefix = prefix.concat(indent.prefix) + + // adding '"key":' (as in "key":"value") to object values + if (!Array.isArray(data)) { + prefix = prefix.concat(value_to_tokenlist(path[path.length-1], path_1, this._options, true)) + if (indent.sep1 && indent.sep1.length) + prefix = prefix.concat(indent.sep1) + prefix.push({raw: ':', type: 'separator', stack: path_1}) + if (indent.sep2 && indent.sep2.length) + prefix = prefix.concat(indent.sep2) + } + + newtokens.unshift.apply(newtokens, prefix) + + // check if prev token is a separator AND they're at the same level + if (this._tokens[pos2].type === 'separator' && this._tokens[pos2].stack.length === path.length-1) { + // previous token is either , or [ or { + if (this._tokens[pos2].raw === ',') { + // restore ending comma + newtokens.push({raw: ',', type: 'separator', stack: path_1}) + } + } else { + // previous token isn't a separator, so need to insert one + newtokens.unshift({raw: ',', type: 'separator', stack: path_1}) + } + + if (indent.suffix && indent.suffix.length) + newtokens.push.apply(newtokens, indent.suffix) + + assert.equal(this._tokens[position[1]].type, 'separator') + position[0] = pos2+1 + position[1] = pos2 + } + + newtokens.unshift(position[1] - position[0] + 1) + newtokens.unshift(position[0]) + this._tokens.splice.apply(this._tokens, newtokens) + + return this +} + +// convenience method +Document.prototype.unset = function(path) { + return this.set(path, undefined) +} + +Document.prototype.get = function(path) { + path = arg_to_path(path) + + var data = this._data + for (var i=0; i<path.length; i++) { + if (!isObject(data)) return undefined + data = data[path[i]] + } + return data +} + +Document.prototype.has = function(path) { + path = arg_to_path(path) + + var data = this._data + for (var i=0; i<path.length; i++) { + if (!isObject(data)) return false + data = data[path[i]] + } + return data !== undefined +} + +// compare old object and new one, and change differences only +Document.prototype.update = function(value) { + var self = this + change([], self._data, value) + return self + + function change(path, old_data, new_data) { + if (!isObject(new_data) || !isObject(old_data)) { + // if source or dest is primitive, just replace + if (new_data !== old_data) + self.set(path, new_data) + + } else if (Array.isArray(new_data) != Array.isArray(old_data)) { + // old data is an array XOR new data is an array, replace as well + self.set(path, new_data) + + } else if (Array.isArray(new_data)) { + // both values are arrays here + + if (new_data.length > old_data.length) { + // adding new elements, so going forward + for (var i=0; i<new_data.length; i++) { + path.push(String(i)) + change(path, old_data[i], new_data[i]) + path.pop() + } + + } else { + // removing something, so going backward + for (var i=old_data.length-1; i>=0; i--) { + path.push(String(i)) + change(path, old_data[i], new_data[i]) + path.pop() + } + } + + } else { + // both values are objects here + for (var i in new_data) { + path.push(String(i)) + change(path, old_data[i], new_data[i]) + path.pop() + } + + for (var i in old_data) { + if (i in new_data) continue + path.push(String(i)) + change(path, old_data[i], new_data[i]) + path.pop() + } + } + } +} + +Document.prototype.toString = function() { + return this._tokens.map(function(x) { + return x.raw + }).join('') +} + +module.exports.Document = Document + +module.exports.update = function updateJSON(source, new_value, options) { + return Document(source, options).update(new_value).toString() +} diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/parse.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/parse.js new file mode 100644 index 0000000000..025007f63b --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/parse.js @@ -0,0 +1,764 @@ +/* + * Author: Alex Kocharin <alex@kocharin.ru> + * GIT: https://github.com/rlidwka/jju + * License: WTFPL, grab your copy here: http://www.wtfpl.net/txt/copying/ + */ + +// RTFM: http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf + +var Uni = require('./unicode') + +function isHexDigit(x) { + return (x >= '0' && x <= '9') + || (x >= 'A' && x <= 'F') + || (x >= 'a' && x <= 'f') +} + +function isOctDigit(x) { + return x >= '0' && x <= '7' +} + +function isDecDigit(x) { + return x >= '0' && x <= '9' +} + +var unescapeMap = { + '\'': '\'', + '"' : '"', + '\\': '\\', + 'b' : '\b', + 'f' : '\f', + 'n' : '\n', + 'r' : '\r', + 't' : '\t', + 'v' : '\v', + '/' : '/', +} + +function formatError(input, msg, position, lineno, column, json5) { + var result = msg + ' at ' + (lineno + 1) + ':' + (column + 1) + , tmppos = position - column - 1 + , srcline = '' + , underline = '' + + var isLineTerminator = json5 ? Uni.isLineTerminator : Uni.isLineTerminatorJSON + + // output no more than 70 characters before the wrong ones + if (tmppos < position - 70) { + tmppos = position - 70 + } + + while (1) { + var chr = input[++tmppos] + + if (isLineTerminator(chr) || tmppos === input.length) { + if (position >= tmppos) { + // ending line error, so show it after the last char + underline += '^' + } + break + } + srcline += chr + + if (position === tmppos) { + underline += '^' + } else if (position > tmppos) { + underline += input[tmppos] === '\t' ? '\t' : ' ' + } + + // output no more than 78 characters on the string + if (srcline.length > 78) break + } + + return result + '\n' + srcline + '\n' + underline +} + +function parse(input, options) { + // parse as a standard JSON mode + var json5 = false; + var cjson = false; + + if (options.legacy || options.mode === 'json') { + // use json + } else if (options.mode === 'cjson') { + cjson = true; + } else if (options.mode === 'json5') { + json5 = true; + } else { + // use it by default + json5 = true; + } + + var isLineTerminator = json5 ? Uni.isLineTerminator : Uni.isLineTerminatorJSON + var isWhiteSpace = json5 ? Uni.isWhiteSpace : Uni.isWhiteSpaceJSON + + var length = input.length + , lineno = 0 + , linestart = 0 + , position = 0 + , stack = [] + + var tokenStart = function() {} + var tokenEnd = function(v) {return v} + + /* tokenize({ + raw: '...', + type: 'whitespace'|'comment'|'key'|'literal'|'separator'|'newline', + value: 'number'|'string'|'whatever', + path: [...], + }) + */ + if (options._tokenize) { + ;(function() { + var start = null + tokenStart = function() { + if (start !== null) throw Error('internal error, token overlap') + start = position + } + + tokenEnd = function(v, type) { + if (start != position) { + var hash = { + raw: input.substr(start, position-start), + type: type, + stack: stack.slice(0), + } + if (v !== undefined) hash.value = v + options._tokenize.call(null, hash) + } + start = null + return v + } + })() + } + + function fail(msg) { + var column = position - linestart + + if (!msg) { + if (position < length) { + var token = '\'' + + JSON + .stringify(input[position]) + .replace(/^"|"$/g, '') + .replace(/'/g, "\\'") + .replace(/\\"/g, '"') + + '\'' + + if (!msg) msg = 'Unexpected token ' + token + } else { + if (!msg) msg = 'Unexpected end of input' + } + } + + var error = SyntaxError(formatError(input, msg, position, lineno, column, json5)) + error.row = lineno + 1 + error.column = column + 1 + throw error + } + + function newline(chr) { + // account for <cr><lf> + if (chr === '\r' && input[position] === '\n') position++ + linestart = position + lineno++ + } + + function parseGeneric() { + var result + + while (position < length) { + tokenStart() + var chr = input[position++] + + if (chr === '"' || (chr === '\'' && json5)) { + return tokenEnd(parseString(chr), 'literal') + + } else if (chr === '{') { + tokenEnd(undefined, 'separator') + return parseObject() + + } else if (chr === '[') { + tokenEnd(undefined, 'separator') + return parseArray() + + } else if (chr === '-' + || chr === '.' + || isDecDigit(chr) + // + number Infinity NaN + || (json5 && (chr === '+' || chr === 'I' || chr === 'N')) + ) { + return tokenEnd(parseNumber(), 'literal') + + } else if (chr === 'n') { + parseKeyword('null') + return tokenEnd(null, 'literal') + + } else if (chr === 't') { + parseKeyword('true') + return tokenEnd(true, 'literal') + + } else if (chr === 'f') { + parseKeyword('false') + return tokenEnd(false, 'literal') + + } else { + position-- + return tokenEnd(undefined) + } + } + } + + function parseKey() { + var result + + while (position < length) { + tokenStart() + var chr = input[position++] + + if (chr === '"' || (chr === '\'' && json5)) { + return tokenEnd(parseString(chr), 'key') + + } else if (chr === '{') { + tokenEnd(undefined, 'separator') + return parseObject() + + } else if (chr === '[') { + tokenEnd(undefined, 'separator') + return parseArray() + + } else if (chr === '.' + || isDecDigit(chr) + ) { + return tokenEnd(parseNumber(true), 'key') + + } else if (json5 + && Uni.isIdentifierStart(chr) || (chr === '\\' && input[position] === 'u')) { + // unicode char or a unicode sequence + var rollback = position - 1 + var result = parseIdentifier() + + if (result === undefined) { + position = rollback + return tokenEnd(undefined) + } else { + return tokenEnd(result, 'key') + } + + } else { + position-- + return tokenEnd(undefined) + } + } + } + + function skipWhiteSpace() { + tokenStart() + while (position < length) { + var chr = input[position++] + + if (isLineTerminator(chr)) { + position-- + tokenEnd(undefined, 'whitespace') + tokenStart() + position++ + newline(chr) + tokenEnd(undefined, 'newline') + tokenStart() + + } else if (isWhiteSpace(chr)) { + // nothing + + } else if (chr === '/' + && (json5 || cjson) + && (input[position] === '/' || input[position] === '*') + ) { + position-- + tokenEnd(undefined, 'whitespace') + tokenStart() + position++ + skipComment(input[position++] === '*') + tokenEnd(undefined, 'comment') + tokenStart() + + } else { + position-- + break + } + } + return tokenEnd(undefined, 'whitespace') + } + + function skipComment(multi) { + while (position < length) { + var chr = input[position++] + + if (isLineTerminator(chr)) { + // LineTerminator is an end of singleline comment + if (!multi) { + // let parent function deal with newline + position-- + return + } + + newline(chr) + + } else if (chr === '*' && multi) { + // end of multiline comment + if (input[position] === '/') { + position++ + return + } + + } else { + // nothing + } + } + + if (multi) { + fail('Unclosed multiline comment') + } + } + + function parseKeyword(keyword) { + // keyword[0] is not checked because it should've checked earlier + var _pos = position + var len = keyword.length + for (var i=1; i<len; i++) { + if (position >= length || keyword[i] != input[position]) { + position = _pos-1 + fail() + } + position++ + } + } + + function parseObject() { + var result = options.null_prototype ? Object.create(null) : {} + , empty_object = {} + , is_non_empty = false + + while (position < length) { + skipWhiteSpace() + var item1 = parseKey() + skipWhiteSpace() + tokenStart() + var chr = input[position++] + tokenEnd(undefined, 'separator') + + if (chr === '}' && item1 === undefined) { + if (!json5 && is_non_empty) { + position-- + fail('Trailing comma in object') + } + return result + + } else if (chr === ':' && item1 !== undefined) { + skipWhiteSpace() + stack.push(item1) + var item2 = parseGeneric() + stack.pop() + + if (item2 === undefined) fail('No value found for key ' + item1) + if (typeof(item1) !== 'string') { + if (!json5 || typeof(item1) !== 'number') { + fail('Wrong key type: ' + item1) + } + } + + if ((item1 in empty_object || empty_object[item1] != null) && options.reserved_keys !== 'replace') { + if (options.reserved_keys === 'throw') { + fail('Reserved key: ' + item1) + } else { + // silently ignore it + } + } else { + if (typeof(options.reviver) === 'function') { + item2 = options.reviver.call(null, item1, item2) + } + + if (item2 !== undefined) { + is_non_empty = true + Object.defineProperty(result, item1, { + value: item2, + enumerable: true, + configurable: true, + writable: true, + }) + } + } + + skipWhiteSpace() + + tokenStart() + var chr = input[position++] + tokenEnd(undefined, 'separator') + + if (chr === ',') { + continue + + } else if (chr === '}') { + return result + + } else { + fail() + } + + } else { + position-- + fail() + } + } + + fail() + } + + function parseArray() { + var result = [] + + while (position < length) { + skipWhiteSpace() + stack.push(result.length) + var item = parseGeneric() + stack.pop() + skipWhiteSpace() + tokenStart() + var chr = input[position++] + tokenEnd(undefined, 'separator') + + if (item !== undefined) { + if (typeof(options.reviver) === 'function') { + item = options.reviver.call(null, String(result.length), item) + } + if (item === undefined) { + result.length++ + item = true // hack for check below, not included into result + } else { + result.push(item) + } + } + + if (chr === ',') { + if (item === undefined) { + fail('Elisions are not supported') + } + + } else if (chr === ']') { + if (!json5 && item === undefined && result.length) { + position-- + fail('Trailing comma in array') + } + return result + + } else { + position-- + fail() + } + } + } + + function parseNumber() { + // rewind because we don't know first char + position-- + + var start = position + , chr = input[position++] + , t + + var to_num = function(is_octal) { + var str = input.substr(start, position - start) + + if (is_octal) { + var result = parseInt(str.replace(/^0o?/, ''), 8) + } else { + var result = Number(str) + } + + if (Number.isNaN(result)) { + position-- + fail('Bad numeric literal - "' + input.substr(start, position - start + 1) + '"') + } else if (!json5 && !str.match(/^-?(0|[1-9][0-9]*)(\.[0-9]+)?(e[+-]?[0-9]+)?$/i)) { + // additional restrictions imposed by json + position-- + fail('Non-json numeric literal - "' + input.substr(start, position - start + 1) + '"') + } else { + return result + } + } + + // ex: -5982475.249875e+29384 + // ^ skipping this + if (chr === '-' || (chr === '+' && json5)) chr = input[position++] + + if (chr === 'N' && json5) { + parseKeyword('NaN') + return NaN + } + + if (chr === 'I' && json5) { + parseKeyword('Infinity') + + // returning +inf or -inf + return to_num() + } + + if (chr >= '1' && chr <= '9') { + // ex: -5982475.249875e+29384 + // ^^^ skipping these + while (position < length && isDecDigit(input[position])) position++ + chr = input[position++] + } + + // special case for leading zero: 0.123456 + if (chr === '0') { + chr = input[position++] + + // new syntax, "0o777" old syntax, "0777" + var is_octal = chr === 'o' || chr === 'O' || isOctDigit(chr) + var is_hex = chr === 'x' || chr === 'X' + + if (json5 && (is_octal || is_hex)) { + while (position < length + && (is_hex ? isHexDigit : isOctDigit)( input[position] ) + ) position++ + + var sign = 1 + if (input[start] === '-') { + sign = -1 + start++ + } else if (input[start] === '+') { + start++ + } + + return sign * to_num(is_octal) + } + } + + if (chr === '.') { + // ex: -5982475.249875e+29384 + // ^^^ skipping these + while (position < length && isDecDigit(input[position])) position++ + chr = input[position++] + } + + if (chr === 'e' || chr === 'E') { + chr = input[position++] + if (chr === '-' || chr === '+') position++ + // ex: -5982475.249875e+29384 + // ^^^ skipping these + while (position < length && isDecDigit(input[position])) position++ + chr = input[position++] + } + + // we have char in the buffer, so count for it + position-- + return to_num() + } + + function parseIdentifier() { + // rewind because we don't know first char + position-- + + var result = '' + + while (position < length) { + var chr = input[position++] + + if (chr === '\\' + && input[position] === 'u' + && isHexDigit(input[position+1]) + && isHexDigit(input[position+2]) + && isHexDigit(input[position+3]) + && isHexDigit(input[position+4]) + ) { + // UnicodeEscapeSequence + chr = String.fromCharCode(parseInt(input.substr(position+1, 4), 16)) + position += 5 + } + + if (result.length) { + // identifier started + if (Uni.isIdentifierPart(chr)) { + result += chr + } else { + position-- + return result + } + + } else { + if (Uni.isIdentifierStart(chr)) { + result += chr + } else { + return undefined + } + } + } + + fail() + } + + function parseString(endChar) { + // 7.8.4 of ES262 spec + var result = '' + + while (position < length) { + var chr = input[position++] + + if (chr === endChar) { + return result + + } else if (chr === '\\') { + if (position >= length) fail() + chr = input[position++] + + if (unescapeMap[chr] && (json5 || (chr != 'v' && chr != "'"))) { + result += unescapeMap[chr] + + } else if (json5 && isLineTerminator(chr)) { + // line continuation + newline(chr) + + } else if (chr === 'u' || (chr === 'x' && json5)) { + // unicode/character escape sequence + var off = chr === 'u' ? 4 : 2 + + // validation for \uXXXX + for (var i=0; i<off; i++) { + if (position >= length) fail() + if (!isHexDigit(input[position])) fail('Bad escape sequence') + position++ + } + + result += String.fromCharCode(parseInt(input.substr(position-off, off), 16)) + } else if (json5 && isOctDigit(chr)) { + if (chr < '4' && isOctDigit(input[position]) && isOctDigit(input[position+1])) { + // three-digit octal + var digits = 3 + } else if (isOctDigit(input[position])) { + // two-digit octal + var digits = 2 + } else { + var digits = 1 + } + position += digits - 1 + result += String.fromCharCode(parseInt(input.substr(position-digits, digits), 8)) + /*if (!isOctDigit(input[position])) { + // \0 is allowed still + result += '\0' + } else { + fail('Octal literals are not supported') + }*/ + + } else if (json5) { + // \X -> x + result += chr + + } else { + position-- + fail() + } + + } else if (isLineTerminator(chr)) { + fail() + + } else { + if (!json5 && chr.charCodeAt(0) < 32) { + position-- + fail('Unexpected control character') + } + + // SourceCharacter but not one of " or \ or LineTerminator + result += chr + } + } + + fail() + } + + skipWhiteSpace() + var return_value = parseGeneric() + if (return_value !== undefined || position < length) { + skipWhiteSpace() + + if (position >= length) { + if (typeof(options.reviver) === 'function') { + return_value = options.reviver.call(null, '', return_value) + } + return return_value + } else { + fail() + } + + } else { + if (position) { + fail('No data, only a whitespace') + } else { + fail('No data, empty input') + } + } +} + +/* + * parse(text, options) + * or + * parse(text, reviver) + * + * where: + * text - string + * options - object + * reviver - function + */ +module.exports.parse = function parseJSON(input, options) { + // support legacy functions + if (typeof(options) === 'function') { + options = { + reviver: options + } + } + + if (input === undefined) { + // parse(stringify(x)) should be equal x + // with JSON functions it is not 'cause of undefined + // so we're fixing it + return undefined + } + + // JSON.parse compat + if (typeof(input) !== 'string') input = String(input) + if (options == null) options = {} + if (options.reserved_keys == null) options.reserved_keys = 'ignore' + + if (options.reserved_keys === 'throw' || options.reserved_keys === 'ignore') { + if (options.null_prototype == null) { + options.null_prototype = true + } + } + + try { + return parse(input, options) + } catch(err) { + // jju is a recursive parser, so JSON.parse("{{{{{{{") could blow up the stack + // + // this catch is used to skip all those internal calls + if (err instanceof SyntaxError && err.row != null && err.column != null) { + var old_err = err + err = SyntaxError(old_err.message) + err.column = old_err.column + err.row = old_err.row + } + throw err + } +} + +module.exports.tokenize = function tokenizeJSON(input, options) { + if (options == null) options = {} + + options._tokenize = function(smth) { + if (options._addstack) smth.stack.unshift.apply(smth.stack, options._addstack) + tokens.push(smth) + } + + var tokens = [] + tokens.data = module.exports.parse(input, options) + return tokens +} diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/stringify.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/stringify.js new file mode 100644 index 0000000000..e76af2efe8 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/stringify.js @@ -0,0 +1,382 @@ +/* + * Author: Alex Kocharin <alex@kocharin.ru> + * GIT: https://github.com/rlidwka/jju + * License: WTFPL, grab your copy here: http://www.wtfpl.net/txt/copying/ + */ + +var Uni = require('./unicode') + +// Fix Function#name on browsers that do not support it (IE) +// http://stackoverflow.com/questions/6903762/function-name-not-supported-in-ie +if (!(function f(){}).name) { + Object.defineProperty((function(){}).constructor.prototype, 'name', { + get: function() { + var name = this.toString().match(/^\s*function\s*(\S*)\s*\(/)[1] + // For better performance only parse once, and then cache the + // result through a new accessor for repeated access. + Object.defineProperty(this, 'name', { value: name }) + return name + } + }) +} + +var special_chars = { + 0: '\\0', // this is not an octal literal + 8: '\\b', + 9: '\\t', + 10: '\\n', + 11: '\\v', + 12: '\\f', + 13: '\\r', + 92: '\\\\', +} + +// for oddballs +var hasOwnProperty = Object.prototype.hasOwnProperty + +// some people escape those, so I'd copy this to be safe +var escapable = /[\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/ + +function _stringify(object, options, recursiveLvl, currentKey) { + var json5 = (options.mode === 'json5' || !options.mode) + /* + * Opinionated decision warning: + * + * Objects are serialized in the following form: + * { type: 'Class', data: DATA } + * + * Class is supposed to be a function, and new Class(DATA) is + * supposed to be equivalent to the original value + */ + /*function custom_type() { + return stringify({ + type: object.constructor.name, + data: object.toString() + }) + }*/ + + // if add, it's an internal indentation, so we add 1 level and a eol + // if !add, it's an ending indentation, so we just indent + function indent(str, add) { + var prefix = options._prefix ? options._prefix : '' + if (!options.indent) return prefix + str + var result = '' + var count = recursiveLvl + (add || 0) + for (var i=0; i<count; i++) result += options.indent + return prefix + result + str + (add ? '\n' : '') + } + + function _stringify_key(key) { + if (options.quote_keys) return _stringify_str(key) + if (String(Number(key)) == key && key[0] != '-') return key + if (key == '') return _stringify_str(key) + + var result = '' + for (var i=0; i<key.length; i++) { + if (i > 0) { + if (!Uni.isIdentifierPart(key[i])) + return _stringify_str(key) + + } else { + if (!Uni.isIdentifierStart(key[i])) + return _stringify_str(key) + } + + var chr = key.charCodeAt(i) + + if (options.ascii) { + if (chr < 0x80) { + result += key[i] + + } else { + result += '\\u' + ('0000' + chr.toString(16)).slice(-4) + } + + } else { + if (escapable.exec(key[i])) { + result += '\\u' + ('0000' + chr.toString(16)).slice(-4) + + } else { + result += key[i] + } + } + } + + return result + } + + function _stringify_str(key) { + var quote = options.quote + var quoteChr = quote.charCodeAt(0) + + var result = '' + for (var i=0; i<key.length; i++) { + var chr = key.charCodeAt(i) + + if (chr < 0x10) { + if (chr === 0 && json5) { + result += '\\0' + } else if (chr >= 8 && chr <= 13 && (json5 || chr !== 11)) { + result += special_chars[chr] + } else if (json5) { + result += '\\x0' + chr.toString(16) + } else { + result += '\\u000' + chr.toString(16) + } + + } else if (chr < 0x20) { + if (json5) { + result += '\\x' + chr.toString(16) + } else { + result += '\\u00' + chr.toString(16) + } + + } else if (chr >= 0x20 && chr < 0x80) { + // ascii range + if (chr === 47 && i && key[i-1] === '<') { + // escaping slashes in </script> + result += '\\' + key[i] + + } else if (chr === 92) { + result += '\\\\' + + } else if (chr === quoteChr) { + result += '\\' + quote + + } else { + result += key[i] + } + + } else if (options.ascii || Uni.isLineTerminator(key[i]) || escapable.exec(key[i])) { + if (chr < 0x100) { + if (json5) { + result += '\\x' + chr.toString(16) + } else { + result += '\\u00' + chr.toString(16) + } + + } else if (chr < 0x1000) { + result += '\\u0' + chr.toString(16) + + } else if (chr < 0x10000) { + result += '\\u' + chr.toString(16) + + } else { + throw Error('weird codepoint') + } + } else { + result += key[i] + } + } + return quote + result + quote + } + + function _stringify_object() { + if (object === null) return 'null' + var result = [] + , len = 0 + , braces + + if (Array.isArray(object)) { + braces = '[]' + for (var i=0; i<object.length; i++) { + var s = _stringify(object[i], options, recursiveLvl+1, String(i)) + if (s === undefined) s = 'null' + len += s.length + 2 + result.push(s + ',') + } + + } else { + braces = '{}' + var fn = function(key) { + var t = _stringify(object[key], options, recursiveLvl+1, key) + if (t !== undefined) { + t = _stringify_key(key) + ':' + (options.indent ? ' ' : '') + t + ',' + len += t.length + 1 + result.push(t) + } + } + + if (Array.isArray(options.replacer)) { + for (var i=0; i<options.replacer.length; i++) + if (hasOwnProperty.call(object, options.replacer[i])) + fn(options.replacer[i]) + } else { + var keys = Object.keys(object) + if (options.sort_keys) + keys = keys.sort(typeof(options.sort_keys) === 'function' + ? options.sort_keys : undefined) + keys.forEach(fn) + } + } + + // objects shorter than 30 characters are always inlined + // objects longer than 60 characters are always splitted to multiple lines + // anything in the middle depends on indentation level + len -= 2 + if (options.indent && (len > options._splitMax - recursiveLvl * options.indent.length || len > options._splitMin) ) { + // remove trailing comma in multiline if asked to + if (options.no_trailing_comma && result.length) { + result[result.length-1] = result[result.length-1].substring(0, result[result.length-1].length-1) + } + + var innerStuff = result.map(function(x) {return indent(x, 1)}).join('') + return braces[0] + + (options.indent ? '\n' : '') + + innerStuff + + indent(braces[1]) + } else { + // always remove trailing comma in one-lined arrays + if (result.length) { + result[result.length-1] = result[result.length-1].substring(0, result[result.length-1].length-1) + } + + var innerStuff = result.join(options.indent ? ' ' : '') + return braces[0] + + innerStuff + + braces[1] + } + } + + function _stringify_nonobject(object) { + if (typeof(options.replacer) === 'function') { + object = options.replacer.call(null, currentKey, object) + } + + switch(typeof(object)) { + case 'string': + return _stringify_str(object) + + case 'number': + if (object === 0 && 1/object < 0) { + // Opinionated decision warning: + // + // I want cross-platform negative zero in all js engines + // I know they're equal, but why lose that tiny bit of + // information needlessly? + return '-0' + } + if (!json5 && !Number.isFinite(object)) { + // json don't support infinity (= sucks) + return 'null' + } + return object.toString() + + case 'boolean': + return object.toString() + + case 'undefined': + return undefined + + case 'function': +// return custom_type() + + default: + // fallback for something weird + return JSON.stringify(object) + } + } + + if (options._stringify_key) { + return _stringify_key(object) + } + + if (typeof(object) === 'object') { + if (object === null) return 'null' + + var str + if (typeof(str = object.toJSON5) === 'function' && options.mode !== 'json') { + object = str.call(object, currentKey) + + } else if (typeof(str = object.toJSON) === 'function') { + object = str.call(object, currentKey) + } + + if (object === null) return 'null' + if (typeof(object) !== 'object') return _stringify_nonobject(object) + + if (object.constructor === Number || object.constructor === Boolean || object.constructor === String) { + object = object.valueOf() + return _stringify_nonobject(object) + + } else if (object.constructor === Date) { + // only until we can't do better + return _stringify_nonobject(object.toISOString()) + + } else { + if (typeof(options.replacer) === 'function') { + object = options.replacer.call(null, currentKey, object) + if (typeof(object) !== 'object') return _stringify_nonobject(object) + } + + return _stringify_object(object) + } + } else { + return _stringify_nonobject(object) + } +} + +/* + * stringify(value, options) + * or + * stringify(value, replacer, space) + * + * where: + * value - anything + * options - object + * replacer - function or array + * space - boolean or number or string + */ +module.exports.stringify = function stringifyJSON(object, options, _space) { + // support legacy syntax + if (typeof(options) === 'function' || Array.isArray(options)) { + options = { + replacer: options + } + } else if (typeof(options) === 'object' && options !== null) { + // nothing to do + } else { + options = {} + } + if (_space != null) options.indent = _space + + if (options.indent == null) options.indent = '\t' + if (options.quote == null) options.quote = "'" + if (options.ascii == null) options.ascii = false + if (options.mode == null) options.mode = 'json5' + + if (options.mode === 'json' || options.mode === 'cjson') { + // json only supports double quotes (= sucks) + options.quote = '"' + + // json don't support trailing commas (= sucks) + options.no_trailing_comma = true + + // json don't support unquoted property names (= sucks) + options.quote_keys = true + } + + // why would anyone use such objects? + if (typeof(options.indent) === 'object') { + if (options.indent.constructor === Number + || options.indent.constructor === Boolean + || options.indent.constructor === String) + options.indent = options.indent.valueOf() + } + + // gap is capped at 10 characters + if (typeof(options.indent) === 'number') { + if (options.indent >= 0) { + options.indent = Array(Math.min(~~options.indent, 10) + 1).join(' ') + } else { + options.indent = false + } + } else if (typeof(options.indent) === 'string') { + options.indent = options.indent.substr(0, 10) + } + + if (options._splitMin == null) options._splitMin = 50 + if (options._splitMax == null) options._splitMax = 70 + + return _stringify(object, options, 0, '') +} diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/unicode.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/unicode.js new file mode 100644 index 0000000000..1a29143c2d --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/unicode.js @@ -0,0 +1,71 @@ + +// This is autogenerated with esprima tools, see: +// https://github.com/ariya/esprima/blob/master/esprima.js +// +// PS: oh God, I hate Unicode + +// ECMAScript 5.1/Unicode v6.3.0 NonAsciiIdentifierStart: + +var Uni = module.exports + +module.exports.isWhiteSpace = function isWhiteSpace(x) { + // section 7.2, table 2 + return x === '\u0020' + || x === '\u00A0' + || x === '\uFEFF' // <-- this is not a Unicode WS, only a JS one + || (x >= '\u0009' && x <= '\u000D') // 9 A B C D + + // + whitespace characters from unicode, category Zs + || x === '\u1680' + || x === '\u180E' + || (x >= '\u2000' && x <= '\u200A') // 0 1 2 3 4 5 6 7 8 9 A + || x === '\u2028' + || x === '\u2029' + || x === '\u202F' + || x === '\u205F' + || x === '\u3000' +} + +module.exports.isWhiteSpaceJSON = function isWhiteSpaceJSON(x) { + return x === '\u0020' + || x === '\u0009' + || x === '\u000A' + || x === '\u000D' +} + +module.exports.isLineTerminator = function isLineTerminator(x) { + // ok, here is the part when JSON is wrong + // section 7.3, table 3 + return x === '\u000A' + || x === '\u000D' + || x === '\u2028' + || x === '\u2029' +} + +module.exports.isLineTerminatorJSON = function isLineTerminatorJSON(x) { + return x === '\u000A' + || x === '\u000D' +} + +module.exports.isIdentifierStart = function isIdentifierStart(x) { + return x === '$' + || x === '_' + || (x >= 'A' && x <= 'Z') + || (x >= 'a' && x <= 'z') + || (x >= '\u0080' && Uni.NonAsciiIdentifierStart.test(x)) +} + +module.exports.isIdentifierPart = function isIdentifierPart(x) { + return x === '$' + || x === '_' + || (x >= 'A' && x <= 'Z') + || (x >= 'a' && x <= 'z') + || (x >= '0' && x <= '9') // <-- addition to Start + || (x >= '\u0080' && Uni.NonAsciiIdentifierPart.test(x)) +} + +module.exports.NonAsciiIdentifierStart = /[\xAA\xB5\xBA\xC0-\xD6\xD8-\xF6\xF8-\u02C1\u02C6-\u02D1\u02E0-\u02E4\u02EC\u02EE\u0370-\u0374\u0376\u0377\u037A-\u037D\u0386\u0388-\u038A\u038C\u038E-\u03A1\u03A3-\u03F5\u03F7-\u0481\u048A-\u0527\u0531-\u0556\u0559\u0561-\u0587\u05D0-\u05EA\u05F0-\u05F2\u0620-\u064A\u066E\u066F\u0671-\u06D3\u06D5\u06E5\u06E6\u06EE\u06EF\u06FA-\u06FC\u06FF\u0710\u0712-\u072F\u074D-\u07A5\u07B1\u07CA-\u07EA\u07F4\u07F5\u07FA\u0800-\u0815\u081A\u0824\u0828\u0840-\u0858\u08A0\u08A2-\u08AC\u0904-\u0939\u093D\u0950\u0958-\u0961\u0971-\u0977\u0979-\u097F\u0985-\u098C\u098F\u0990\u0993-\u09A8\u09AA-\u09B0\u09B2\u09B6-\u09B9\u09BD\u09CE\u09DC\u09DD\u09DF-\u09E1\u09F0\u09F1\u0A05-\u0A0A\u0A0F\u0A10\u0A13-\u0A28\u0A2A-\u0A30\u0A32\u0A33\u0A35\u0A36\u0A38\u0A39\u0A59-\u0A5C\u0A5E\u0A72-\u0A74\u0A85-\u0A8D\u0A8F-\u0A91\u0A93-\u0AA8\u0AAA-\u0AB0\u0AB2\u0AB3\u0AB5-\u0AB9\u0ABD\u0AD0\u0AE0\u0AE1\u0B05-\u0B0C\u0B0F\u0B10\u0B13-\u0B28\u0B2A-\u0B30\u0B32\u0B33\u0B35-\u0B39\u0B3D\u0B5C\u0B5D\u0B5F-\u0B61\u0B71\u0B83\u0B85-\u0B8A\u0B8E-\u0B90\u0B92-\u0B95\u0B99\u0B9A\u0B9C\u0B9E\u0B9F\u0BA3\u0BA4\u0BA8-\u0BAA\u0BAE-\u0BB9\u0BD0\u0C05-\u0C0C\u0C0E-\u0C10\u0C12-\u0C28\u0C2A-\u0C33\u0C35-\u0C39\u0C3D\u0C58\u0C59\u0C60\u0C61\u0C85-\u0C8C\u0C8E-\u0C90\u0C92-\u0CA8\u0CAA-\u0CB3\u0CB5-\u0CB9\u0CBD\u0CDE\u0CE0\u0CE1\u0CF1\u0CF2\u0D05-\u0D0C\u0D0E-\u0D10\u0D12-\u0D3A\u0D3D\u0D4E\u0D60\u0D61\u0D7A-\u0D7F\u0D85-\u0D96\u0D9A-\u0DB1\u0DB3-\u0DBB\u0DBD\u0DC0-\u0DC6\u0E01-\u0E30\u0E32\u0E33\u0E40-\u0E46\u0E81\u0E82\u0E84\u0E87\u0E88\u0E8A\u0E8D\u0E94-\u0E97\u0E99-\u0E9F\u0EA1-\u0EA3\u0EA5\u0EA7\u0EAA\u0EAB\u0EAD-\u0EB0\u0EB2\u0EB3\u0EBD\u0EC0-\u0EC4\u0EC6\u0EDC-\u0EDF\u0F00\u0F40-\u0F47\u0F49-\u0F6C\u0F88-\u0F8C\u1000-\u102A\u103F\u1050-\u1055\u105A-\u105D\u1061\u1065\u1066\u106E-\u1070\u1075-\u1081\u108E\u10A0-\u10C5\u10C7\u10CD\u10D0-\u10FA\u10FC-\u1248\u124A-\u124D\u1250-\u1256\u1258\u125A-\u125D\u1260-\u1288\u128A-\u128D\u1290-\u12B0\u12B2-\u12B5\u12B8-\u12BE\u12C0\u12C2-\u12C5\u12C8-\u12D6\u12D8-\u1310\u1312-\u1315\u1318-\u135A\u1380-\u138F\u13A0-\u13F4\u1401-\u166C\u166F-\u167F\u1681-\u169A\u16A0-\u16EA\u16EE-\u16F0\u1700-\u170C\u170E-\u1711\u1720-\u1731\u1740-\u1751\u1760-\u176C\u176E-\u1770\u1780-\u17B3\u17D7\u17DC\u1820-\u1877\u1880-\u18A8\u18AA\u18B0-\u18F5\u1900-\u191C\u1950-\u196D\u1970-\u1974\u1980-\u19AB\u19C1-\u19C7\u1A00-\u1A16\u1A20-\u1A54\u1AA7\u1B05-\u1B33\u1B45-\u1B4B\u1B83-\u1BA0\u1BAE\u1BAF\u1BBA-\u1BE5\u1C00-\u1C23\u1C4D-\u1C4F\u1C5A-\u1C7D\u1CE9-\u1CEC\u1CEE-\u1CF1\u1CF5\u1CF6\u1D00-\u1DBF\u1E00-\u1F15\u1F18-\u1F1D\u1F20-\u1F45\u1F48-\u1F4D\u1F50-\u1F57\u1F59\u1F5B\u1F5D\u1F5F-\u1F7D\u1F80-\u1FB4\u1FB6-\u1FBC\u1FBE\u1FC2-\u1FC4\u1FC6-\u1FCC\u1FD0-\u1FD3\u1FD6-\u1FDB\u1FE0-\u1FEC\u1FF2-\u1FF4\u1FF6-\u1FFC\u2071\u207F\u2090-\u209C\u2102\u2107\u210A-\u2113\u2115\u2119-\u211D\u2124\u2126\u2128\u212A-\u212D\u212F-\u2139\u213C-\u213F\u2145-\u2149\u214E\u2160-\u2188\u2C00-\u2C2E\u2C30-\u2C5E\u2C60-\u2CE4\u2CEB-\u2CEE\u2CF2\u2CF3\u2D00-\u2D25\u2D27\u2D2D\u2D30-\u2D67\u2D6F\u2D80-\u2D96\u2DA0-\u2DA6\u2DA8-\u2DAE\u2DB0-\u2DB6\u2DB8-\u2DBE\u2DC0-\u2DC6\u2DC8-\u2DCE\u2DD0-\u2DD6\u2DD8-\u2DDE\u2E2F\u3005-\u3007\u3021-\u3029\u3031-\u3035\u3038-\u303C\u3041-\u3096\u309D-\u309F\u30A1-\u30FA\u30FC-\u30FF\u3105-\u312D\u3131-\u318E\u31A0-\u31BA\u31F0-\u31FF\u3400-\u4DB5\u4E00-\u9FCC\uA000-\uA48C\uA4D0-\uA4FD\uA500-\uA60C\uA610-\uA61F\uA62A\uA62B\uA640-\uA66E\uA67F-\uA697\uA6A0-\uA6EF\uA717-\uA71F\uA722-\uA788\uA78B-\uA78E\uA790-\uA793\uA7A0-\uA7AA\uA7F8-\uA801\uA803-\uA805\uA807-\uA80A\uA80C-\uA822\uA840-\uA873\uA882-\uA8B3\uA8F2-\uA8F7\uA8FB\uA90A-\uA925\uA930-\uA946\uA960-\uA97C\uA984-\uA9B2\uA9CF\uAA00-\uAA28\uAA40-\uAA42\uAA44-\uAA4B\uAA60-\uAA76\uAA7A\uAA80-\uAAAF\uAAB1\uAAB5\uAAB6\uAAB9-\uAABD\uAAC0\uAAC2\uAADB-\uAADD\uAAE0-\uAAEA\uAAF2-\uAAF4\uAB01-\uAB06\uAB09-\uAB0E\uAB11-\uAB16\uAB20-\uAB26\uAB28-\uAB2E\uABC0-\uABE2\uAC00-\uD7A3\uD7B0-\uD7C6\uD7CB-\uD7FB\uF900-\uFA6D\uFA70-\uFAD9\uFB00-\uFB06\uFB13-\uFB17\uFB1D\uFB1F-\uFB28\uFB2A-\uFB36\uFB38-\uFB3C\uFB3E\uFB40\uFB41\uFB43\uFB44\uFB46-\uFBB1\uFBD3-\uFD3D\uFD50-\uFD8F\uFD92-\uFDC7\uFDF0-\uFDFB\uFE70-\uFE74\uFE76-\uFEFC\uFF21-\uFF3A\uFF41-\uFF5A\uFF66-\uFFBE\uFFC2-\uFFC7\uFFCA-\uFFCF\uFFD2-\uFFD7\uFFDA-\uFFDC]/ + +// ECMAScript 5.1/Unicode v6.3.0 NonAsciiIdentifierPart: + +module.exports.NonAsciiIdentifierPart = /[\xAA\xB5\xBA\xC0-\xD6\xD8-\xF6\xF8-\u02C1\u02C6-\u02D1\u02E0-\u02E4\u02EC\u02EE\u0300-\u0374\u0376\u0377\u037A-\u037D\u0386\u0388-\u038A\u038C\u038E-\u03A1\u03A3-\u03F5\u03F7-\u0481\u0483-\u0487\u048A-\u0527\u0531-\u0556\u0559\u0561-\u0587\u0591-\u05BD\u05BF\u05C1\u05C2\u05C4\u05C5\u05C7\u05D0-\u05EA\u05F0-\u05F2\u0610-\u061A\u0620-\u0669\u066E-\u06D3\u06D5-\u06DC\u06DF-\u06E8\u06EA-\u06FC\u06FF\u0710-\u074A\u074D-\u07B1\u07C0-\u07F5\u07FA\u0800-\u082D\u0840-\u085B\u08A0\u08A2-\u08AC\u08E4-\u08FE\u0900-\u0963\u0966-\u096F\u0971-\u0977\u0979-\u097F\u0981-\u0983\u0985-\u098C\u098F\u0990\u0993-\u09A8\u09AA-\u09B0\u09B2\u09B6-\u09B9\u09BC-\u09C4\u09C7\u09C8\u09CB-\u09CE\u09D7\u09DC\u09DD\u09DF-\u09E3\u09E6-\u09F1\u0A01-\u0A03\u0A05-\u0A0A\u0A0F\u0A10\u0A13-\u0A28\u0A2A-\u0A30\u0A32\u0A33\u0A35\u0A36\u0A38\u0A39\u0A3C\u0A3E-\u0A42\u0A47\u0A48\u0A4B-\u0A4D\u0A51\u0A59-\u0A5C\u0A5E\u0A66-\u0A75\u0A81-\u0A83\u0A85-\u0A8D\u0A8F-\u0A91\u0A93-\u0AA8\u0AAA-\u0AB0\u0AB2\u0AB3\u0AB5-\u0AB9\u0ABC-\u0AC5\u0AC7-\u0AC9\u0ACB-\u0ACD\u0AD0\u0AE0-\u0AE3\u0AE6-\u0AEF\u0B01-\u0B03\u0B05-\u0B0C\u0B0F\u0B10\u0B13-\u0B28\u0B2A-\u0B30\u0B32\u0B33\u0B35-\u0B39\u0B3C-\u0B44\u0B47\u0B48\u0B4B-\u0B4D\u0B56\u0B57\u0B5C\u0B5D\u0B5F-\u0B63\u0B66-\u0B6F\u0B71\u0B82\u0B83\u0B85-\u0B8A\u0B8E-\u0B90\u0B92-\u0B95\u0B99\u0B9A\u0B9C\u0B9E\u0B9F\u0BA3\u0BA4\u0BA8-\u0BAA\u0BAE-\u0BB9\u0BBE-\u0BC2\u0BC6-\u0BC8\u0BCA-\u0BCD\u0BD0\u0BD7\u0BE6-\u0BEF\u0C01-\u0C03\u0C05-\u0C0C\u0C0E-\u0C10\u0C12-\u0C28\u0C2A-\u0C33\u0C35-\u0C39\u0C3D-\u0C44\u0C46-\u0C48\u0C4A-\u0C4D\u0C55\u0C56\u0C58\u0C59\u0C60-\u0C63\u0C66-\u0C6F\u0C82\u0C83\u0C85-\u0C8C\u0C8E-\u0C90\u0C92-\u0CA8\u0CAA-\u0CB3\u0CB5-\u0CB9\u0CBC-\u0CC4\u0CC6-\u0CC8\u0CCA-\u0CCD\u0CD5\u0CD6\u0CDE\u0CE0-\u0CE3\u0CE6-\u0CEF\u0CF1\u0CF2\u0D02\u0D03\u0D05-\u0D0C\u0D0E-\u0D10\u0D12-\u0D3A\u0D3D-\u0D44\u0D46-\u0D48\u0D4A-\u0D4E\u0D57\u0D60-\u0D63\u0D66-\u0D6F\u0D7A-\u0D7F\u0D82\u0D83\u0D85-\u0D96\u0D9A-\u0DB1\u0DB3-\u0DBB\u0DBD\u0DC0-\u0DC6\u0DCA\u0DCF-\u0DD4\u0DD6\u0DD8-\u0DDF\u0DF2\u0DF3\u0E01-\u0E3A\u0E40-\u0E4E\u0E50-\u0E59\u0E81\u0E82\u0E84\u0E87\u0E88\u0E8A\u0E8D\u0E94-\u0E97\u0E99-\u0E9F\u0EA1-\u0EA3\u0EA5\u0EA7\u0EAA\u0EAB\u0EAD-\u0EB9\u0EBB-\u0EBD\u0EC0-\u0EC4\u0EC6\u0EC8-\u0ECD\u0ED0-\u0ED9\u0EDC-\u0EDF\u0F00\u0F18\u0F19\u0F20-\u0F29\u0F35\u0F37\u0F39\u0F3E-\u0F47\u0F49-\u0F6C\u0F71-\u0F84\u0F86-\u0F97\u0F99-\u0FBC\u0FC6\u1000-\u1049\u1050-\u109D\u10A0-\u10C5\u10C7\u10CD\u10D0-\u10FA\u10FC-\u1248\u124A-\u124D\u1250-\u1256\u1258\u125A-\u125D\u1260-\u1288\u128A-\u128D\u1290-\u12B0\u12B2-\u12B5\u12B8-\u12BE\u12C0\u12C2-\u12C5\u12C8-\u12D6\u12D8-\u1310\u1312-\u1315\u1318-\u135A\u135D-\u135F\u1380-\u138F\u13A0-\u13F4\u1401-\u166C\u166F-\u167F\u1681-\u169A\u16A0-\u16EA\u16EE-\u16F0\u1700-\u170C\u170E-\u1714\u1720-\u1734\u1740-\u1753\u1760-\u176C\u176E-\u1770\u1772\u1773\u1780-\u17D3\u17D7\u17DC\u17DD\u17E0-\u17E9\u180B-\u180D\u1810-\u1819\u1820-\u1877\u1880-\u18AA\u18B0-\u18F5\u1900-\u191C\u1920-\u192B\u1930-\u193B\u1946-\u196D\u1970-\u1974\u1980-\u19AB\u19B0-\u19C9\u19D0-\u19D9\u1A00-\u1A1B\u1A20-\u1A5E\u1A60-\u1A7C\u1A7F-\u1A89\u1A90-\u1A99\u1AA7\u1B00-\u1B4B\u1B50-\u1B59\u1B6B-\u1B73\u1B80-\u1BF3\u1C00-\u1C37\u1C40-\u1C49\u1C4D-\u1C7D\u1CD0-\u1CD2\u1CD4-\u1CF6\u1D00-\u1DE6\u1DFC-\u1F15\u1F18-\u1F1D\u1F20-\u1F45\u1F48-\u1F4D\u1F50-\u1F57\u1F59\u1F5B\u1F5D\u1F5F-\u1F7D\u1F80-\u1FB4\u1FB6-\u1FBC\u1FBE\u1FC2-\u1FC4\u1FC6-\u1FCC\u1FD0-\u1FD3\u1FD6-\u1FDB\u1FE0-\u1FEC\u1FF2-\u1FF4\u1FF6-\u1FFC\u200C\u200D\u203F\u2040\u2054\u2071\u207F\u2090-\u209C\u20D0-\u20DC\u20E1\u20E5-\u20F0\u2102\u2107\u210A-\u2113\u2115\u2119-\u211D\u2124\u2126\u2128\u212A-\u212D\u212F-\u2139\u213C-\u213F\u2145-\u2149\u214E\u2160-\u2188\u2C00-\u2C2E\u2C30-\u2C5E\u2C60-\u2CE4\u2CEB-\u2CF3\u2D00-\u2D25\u2D27\u2D2D\u2D30-\u2D67\u2D6F\u2D7F-\u2D96\u2DA0-\u2DA6\u2DA8-\u2DAE\u2DB0-\u2DB6\u2DB8-\u2DBE\u2DC0-\u2DC6\u2DC8-\u2DCE\u2DD0-\u2DD6\u2DD8-\u2DDE\u2DE0-\u2DFF\u2E2F\u3005-\u3007\u3021-\u302F\u3031-\u3035\u3038-\u303C\u3041-\u3096\u3099\u309A\u309D-\u309F\u30A1-\u30FA\u30FC-\u30FF\u3105-\u312D\u3131-\u318E\u31A0-\u31BA\u31F0-\u31FF\u3400-\u4DB5\u4E00-\u9FCC\uA000-\uA48C\uA4D0-\uA4FD\uA500-\uA60C\uA610-\uA62B\uA640-\uA66F\uA674-\uA67D\uA67F-\uA697\uA69F-\uA6F1\uA717-\uA71F\uA722-\uA788\uA78B-\uA78E\uA790-\uA793\uA7A0-\uA7AA\uA7F8-\uA827\uA840-\uA873\uA880-\uA8C4\uA8D0-\uA8D9\uA8E0-\uA8F7\uA8FB\uA900-\uA92D\uA930-\uA953\uA960-\uA97C\uA980-\uA9C0\uA9CF-\uA9D9\uAA00-\uAA36\uAA40-\uAA4D\uAA50-\uAA59\uAA60-\uAA76\uAA7A\uAA7B\uAA80-\uAAC2\uAADB-\uAADD\uAAE0-\uAAEF\uAAF2-\uAAF6\uAB01-\uAB06\uAB09-\uAB0E\uAB11-\uAB16\uAB20-\uAB26\uAB28-\uAB2E\uABC0-\uABEA\uABEC\uABED\uABF0-\uABF9\uAC00-\uD7A3\uD7B0-\uD7C6\uD7CB-\uD7FB\uF900-\uFA6D\uFA70-\uFAD9\uFB00-\uFB06\uFB13-\uFB17\uFB1D-\uFB28\uFB2A-\uFB36\uFB38-\uFB3C\uFB3E\uFB40\uFB41\uFB43\uFB44\uFB46-\uFBB1\uFBD3-\uFD3D\uFD50-\uFD8F\uFD92-\uFDC7\uFDF0-\uFDFB\uFE00-\uFE0F\uFE20-\uFE26\uFE33\uFE34\uFE4D-\uFE4F\uFE70-\uFE74\uFE76-\uFEFC\uFF10-\uFF19\uFF21-\uFF3A\uFF3F\uFF41-\uFF5A\uFF66-\uFFBE\uFFC2-\uFFC7\uFFCA-\uFFCF\uFFD2-\uFFD7\uFFDA-\uFFDC]/ diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/utils.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/utils.js new file mode 100644 index 0000000000..dd4752c73a --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/lib/utils.js @@ -0,0 +1,45 @@ +var FS = require('fs') +var jju = require('../') + +// this function registers json5 extension, so you +// can do `require("./config.json5")` kind of thing +module.exports.register = function() { + var r = require, e = 'extensions' + r[e]['.json5'] = function(m, f) { + /*eslint no-sync:0*/ + m.exports = jju.parse(FS.readFileSync(f, 'utf8')) + } +} + +// this function monkey-patches JSON.parse, so it +// will return an exact position of error in case +// of parse failure +module.exports.patch_JSON_parse = function() { + var _parse = JSON.parse + JSON.parse = function(text, rev) { + try { + return _parse(text, rev) + } catch(err) { + // this call should always throw + require('jju').parse(text, { + mode: 'json', + legacy: true, + reviver: rev, + reserved_keys: 'replace', + null_prototype: false, + }) + + // if it didn't throw, but original parser did, + // this is an error in this library and should be reported + throw err + } + } +} + +// this function is an express/connect middleware +// that accepts uploads in application/json5 format +module.exports.middleware = function() { + return function(req, res, next) { + throw Error('this function is removed, use express-json5 instead') + } +} diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/package.json new file mode 100644 index 0000000000..8b01adc877 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/package.json @@ -0,0 +1,65 @@ +{ + "_from": "jju@^1.1.0", + "_id": "jju@1.3.0", + "_inBundle": false, + "_integrity": "sha1-2t2e8BkkvHKLA/L3l5vb1i96Kqo=", + "_location": "/pacote/make-fetch-happen/node-fetch-npm/json-parse-helpfulerror/jju", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "jju@^1.1.0", + "name": "jju", + "escapedName": "jju", + "rawSpec": "^1.1.0", + "saveSpec": null, + "fetchSpec": "^1.1.0" + }, + "_requiredBy": [ + "/pacote/make-fetch-happen/node-fetch-npm/json-parse-helpfulerror" + ], + "_resolved": "https://registry.npmjs.org/jju/-/jju-1.3.0.tgz", + "_shasum": "dadd9ef01924bc728b03f2f7979bdbd62f7a2aaa", + "_spec": "jju@^1.1.0", + "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror", + "author": { + "name": "Alex Kocharin", + "email": "alex@kocharin.ru" + }, + "bugs": { + "url": "https://github.com/rlidwka/jju/issues" + }, + "bundleDependencies": false, + "deprecated": false, + "description": "a set of utilities to work with JSON / JSON5 documents", + "devDependencies": { + "eslint": "~0.4.2", + "js-yaml": ">=3.1.0", + "mocha": ">=1.21.0" + }, + "homepage": "http://rlidwka.github.io/jju/", + "keywords": [ + "json", + "json5", + "parser", + "serializer", + "data" + ], + "license": { + "type": "WTFPL", + "url": "http://www.wtfpl.net/txt/copying/" + }, + "name": "jju", + "publishConfig": { + "registry": "https://registry.npmjs.org/" + }, + "repository": { + "type": "git", + "url": "git://github.com/rlidwka/jju.git" + }, + "scripts": { + "lint": "eslint -c ./.eslint.yaml ./lib", + "test": "mocha test/*.js" + }, + "version": "1.3.0" +} diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/package.yaml b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/package.yaml new file mode 100644 index 0000000000..828163ddc4 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/node_modules/jju/package.yaml @@ -0,0 +1,45 @@ +# use "yapm install ." if you're installing this from git repository + +# "jju" stands for "json/json5 utils" +name: jju + +version: 1.3.0 +description: a set of utilities to work with JSON / JSON5 documents + +author: + name: Alex Kocharin + email: alex@kocharin.ru + +repository: + type: git + url: git://github.com/rlidwka/jju + +bugs: + url: https://github.com/rlidwka/jju/issues + +homepage: http://rlidwka.github.io/jju/ + +devDependencies: + mocha: '>=1.21.0' + js-yaml: '>=3.1.0' + + # linting tools + eslint: '~0.4.2' + +scripts: + test: 'mocha test/*.js' + lint: 'eslint -c ./.eslint.yaml ./lib' + +keywords: + - json + - json5 + - parser + - serializer + - data + +publishConfig: + registry: https://registry.npmjs.org/ + +license: + type: WTFPL + url: http://www.wtfpl.net/txt/copying/ diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/package.json new file mode 100644 index 0000000000..6c723ae8ef --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/package.json @@ -0,0 +1,63 @@ +{ + "_from": "json-parse-helpfulerror@^1.0.3", + "_id": "json-parse-helpfulerror@1.0.3", + "_inBundle": false, + "_integrity": "sha1-E/FM4C7tTpgSl7ZOueO5MuLdE9w=", + "_location": "/pacote/make-fetch-happen/node-fetch-npm/json-parse-helpfulerror", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "json-parse-helpfulerror@^1.0.3", + "name": "json-parse-helpfulerror", + "escapedName": "json-parse-helpfulerror", + "rawSpec": "^1.0.3", + "saveSpec": null, + "fetchSpec": "^1.0.3" + }, + "_requiredBy": [ + "/pacote/make-fetch-happen/node-fetch-npm" + ], + "_resolved": "https://registry.npmjs.org/json-parse-helpfulerror/-/json-parse-helpfulerror-1.0.3.tgz", + "_shasum": "13f14ce02eed4e981297b64eb9e3b932e2dd13dc", + "_spec": "json-parse-helpfulerror@^1.0.3", + "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm", + "author": { + "name": "Sam Mikes", + "email": "smikes@cubane.com" + }, + "bugs": { + "url": "https://github.com/smikes/json-parse-helpfulerror/issues" + }, + "bundleDependencies": false, + "dependencies": { + "jju": "^1.1.0" + }, + "deprecated": false, + "description": "A drop-in replacement for JSON.parse that uses `jju` to give helpful errors", + "devDependencies": { + "code": "^1.2.1", + "jslint": "^0.7.1", + "lab": "^5.1.1" + }, + "homepage": "https://github.com/smikes/json-parse-helpfulerror", + "keywords": [ + "json", + "parse", + "line", + "doublequote", + "error" + ], + "license": "MIT", + "main": "index.js", + "name": "json-parse-helpfulerror", + "repository": { + "type": "git", + "url": "git+https://github.com/smikes/json-parse-helpfulerror.git" + }, + "scripts": { + "lint": "jslint --edition=latest --terse *.js", + "test": "lab -c" + }, + "version": "1.0.3" +} diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/test/test.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/test/test.js new file mode 100644 index 0000000000..fca458ac08 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/node_modules/json-parse-helpfulerror/test/test.js @@ -0,0 +1,32 @@ +var Code = require('code'), + Lab = require('lab'), + lab = Lab.script(), + jph = require('..'); // 'json-parse-helpfulerror' + +exports.lab = lab; + +lab.test('can parse', function (done) { + var o = jph.parse('{"foo": "bar"}'); + + Code.expect(o.foo).to.equal('bar'); + done(); +}); + +lab.test('helpful error for bad JSON', function (done) { + + var bad = "{'foo': 'bar'}"; + + Code.expect(function () { JSON.parse(bad) }).to.throw(); + + Code.expect(function () { jph.parse(bad) }).to.throw(SyntaxError, "Unexpected token '\\'' at 1:2\n" + bad + '\n ^'); + + done(); +}); + +lab.test('fails if reviver throws', function (done) { + function badReviver() { throw new ReferenceError('silly'); } + + Code.expect(function () { jph.parse('3', badReviver) }).to.throw(ReferenceError, 'silly'); + + done(); +});
\ No newline at end of file diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/package.json index 09b56c7ea1..b98cbe1997 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/package.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/package.json @@ -1,7 +1,8 @@ { "_from": "node-fetch-npm@^2.0.0", - "_id": "node-fetch-npm@2.0.0", - "_integrity": "sha512-o8Vxcb16qHPAkqBTPIrxvGSY0dHrtwsk2opomChLWg/2MFJW/hqB3XDG78k0gyI0cmy95kSFjn4BLrMkbQFHAQ==", + "_id": "node-fetch-npm@2.0.1", + "_inBundle": false, + "_integrity": "sha512-W3onhopST5tqpX0/MGSL47pDQLLKobNR83AvkiOWQKaw54h+uYUfzeLAxCiyhWlUOiuI+GIb4O9ojLaAFlhCCA==", "_location": "/pacote/make-fetch-happen/node-fetch-npm", "_phantomChildren": {}, "_requested": { @@ -17,15 +18,13 @@ "_requiredBy": [ "/pacote/make-fetch-happen" ], - "_resolved": "https://registry.npmjs.org/node-fetch-npm/-/node-fetch-npm-2.0.0.tgz", - "_shasum": "baab3734bdc50c614af5252bd1ee37a3662bf1ad", - "_shrinkwrap": null, + "_resolved": "https://registry.npmjs.org/node-fetch-npm/-/node-fetch-npm-2.0.1.tgz", + "_shasum": "4dd3355ce526c01bc5ab29ccdf48352dc8a79465", "_spec": "node-fetch-npm@^2.0.0", "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen", "author": { "name": "David Frank" }, - "bin": null, "bugs": { "url": "https://github.com/npm/node-fetch-npm/issues" }, @@ -42,6 +41,7 @@ ], "dependencies": { "encoding": "^0.1.11", + "json-parse-helpfulerror": "^1.0.3", "safe-buffer": "^5.0.1" }, "deprecated": false, @@ -81,8 +81,6 @@ "license": "MIT", "main": "src/index.js", "name": "node-fetch-npm", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git+https://github.com/npm/node-fetch-npm.git" @@ -98,5 +96,5 @@ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, - "version": "2.0.0" + "version": "2.0.1" } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/src/body.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/src/body.js index 87093e79b4..2b009b7cfc 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/src/body.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/node-fetch-npm/src/body.js @@ -11,6 +11,7 @@ const Buffer = require('safe-buffer').Buffer const Blob = require('./blob.js') const BUFFER = Blob.BUFFER const convert = require('encoding').convert +const parseJson = require('json-parse-helpfulerror').parse const FetchError = require('./fetch-error.js') const Stream = require('stream') @@ -92,7 +93,7 @@ Body.prototype = { * @return Promise */ json () { - return consumeBody.call(this).then(buffer => JSON.parse(buffer.toString())) + return consumeBody.call(this).then(buffer => parseJson(buffer.toString())) }, /** diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/.travis.yml b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/.travis.yml index 85a50123c6..41840cb357 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/.travis.yml +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/.travis.yml @@ -1,8 +1,27 @@ +sudo: false + language: node_js + node_js: - "0.8" - "0.10" - "0.12" -before_install: - - '[ "${TRAVIS_NODE_VERSION}" != "0.8" ] || npm install -g npm@1.4.28' - - npm install -g npm@latest + - "1" + - "2" + - "3" + - "4" + - "5" + +install: + - PATH="`npm bin`:`npm bin -g`:$PATH" + # Node 0.8 comes with a too obsolete npm + - if [[ "`node --version`" =~ ^v0\.8\. ]]; then npm install -g npm@1.4.28 ; fi + # Install dependencies and build + - npm install + +script: + # Output useful info for debugging + - node --version + - npm --version + # Run tests + - npm test diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/History.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/History.md index 519a31b373..7c464a63d6 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/History.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/History.md @@ -1,4 +1,14 @@ +2.1.0 / 2017-05-24 +================== + + * DRY post-lookup logic + * Fix an error in readme (#13, @599316527) + * travis: test node v5 + * travis: test iojs v1, 2, 3 and node.js v4 + * test: use ssl-cert-snakeoil cert files + * Authentication support (#9, @baryshev) + 2.0.0 / 2015-07-10 ================== diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/README.md b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/README.md index f671685d39..30d33500af 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/README.md +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/README.md @@ -70,7 +70,7 @@ var opts = url.parse(endpoint); var agent = new SocksProxyAgent(proxy, true); opts.agent = agent; -http.get(opts, function (res) { +https.get(opts, function (res) { console.log('"response" event!', res.headers); res.pipe(process.stdout); }); diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/package.json index 39234938d2..ff492a2788 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/package.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/package.json @@ -1,7 +1,8 @@ { "_from": "socks-proxy-agent@^2.0.0", - "_id": "socks-proxy-agent@2.0.0", - "_integrity": "sha1-xnSELXBBD7KK4ekuYTWpJ4VLwnU=", + "_id": "socks-proxy-agent@2.1.0", + "_inBundle": false, + "_integrity": "sha1-3fsBtdvqX8h5SQyjiiX+h9PRWRI=", "_location": "/pacote/make-fetch-happen/socks-proxy-agent", "_phantomChildren": {}, "_requested": { @@ -17,9 +18,8 @@ "_requiredBy": [ "/pacote/make-fetch-happen" ], - "_resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-2.0.0.tgz", - "_shasum": "c674842d70410fb28ae1e92e6135a927854bc275", - "_shrinkwrap": null, + "_resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-2.1.0.tgz", + "_shasum": "ddfb01b5dbea5fc879490ca38a25fe87d3d15912", "_spec": "socks-proxy-agent@^2.0.0", "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote/node_modules/make-fetch-happen", "author": { @@ -27,7 +27,6 @@ "email": "nathan@tootallnate.net", "url": "http://n8.io/" }, - "bin": null, "bugs": { "url": "https://github.com/TooTallNate/node-socks-proxy-agent/issues" }, @@ -56,8 +55,6 @@ "license": "MIT", "main": "socks-proxy-agent.js", "name": "socks-proxy-agent", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git://github.com/TooTallNate/node-socks-proxy-agent.git" @@ -65,5 +62,5 @@ "scripts": { "test": "mocha --reporter spec" }, - "version": "2.0.0" + "version": "2.1.0" } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/socks-proxy-agent.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/socks-proxy-agent.js index 46d30f7c68..c1f769e24e 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/socks-proxy-agent.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/socks-proxy-agent.js @@ -67,6 +67,11 @@ function SocksProxyAgent (opts) { throw new TypeError('A "socks" protocol must be specified! Got: ' + proxy.protocol); } + if (proxy.auth) { + var auth = proxy.auth.split(':'); + proxy.authentication = {username: auth[0], password: auth[1]}; + proxy.userid = auth[0]; + } this.proxy = proxy; } inherits(SocksProxyAgent, Agent); @@ -102,7 +107,7 @@ function connect (req, opts, fn) { } // called for the `dns.lookup()` callback - function onlookup (err, ip, type) { + function onlookup (err, ip) { if (err) return fn(err); options.target.host = ip; SocksClient.createConnection(options, onhostconnect); @@ -119,13 +124,16 @@ function connect (req, opts, fn) { }, command: 'connect' }; + if (proxy.authentication) { + options.proxy.authentication = proxy.authentication; + options.proxy.userid = proxy.userid; + } if (proxy.lookup) { // client-side DNS resolution for "4" and "5" socks proxy versions dns.lookup(opts.host, onlookup); } else { // proxy hostname DNS resolution for "4a" and "5h" socks proxy servers - options.target.host = opts.host; - SocksClient.createConnection(options, onhostconnect); + onlookup(null, opts.host) } } diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/server.crt b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/server.crt deleted file mode 100644 index 9580116cd7..0000000000 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/server.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICATCCAWoCCQCSMIVZI8DGgTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB -VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0 -cyBQdHkgTHRkMB4XDTEzMDkwOTIyNTI1MVoXDTE0MDkwOTIyNTI1MVowRTELMAkG -A1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0 -IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwQO2 -jlSxR12EvpF1hROxQAyQzDsxVv7AjDGhSVhizn7anxo5mCE9+5jHRJ6hgxF/3RJO -q157J49W7hlgiJfN3X4Q3WCqkTnfj1wFr8aSjWUl6TWeLMrhKZgzGCmZH0GV4Kpu -4jQ4lyjl/dIBw8HiJmKvaEagdUb5UJCKBDrDtvECAwEAATANBgkqhkiG9w0BAQUF -AAOBgQB33WAM5Yr2jkaeRog6rEglMC8i+Jab12amnFFJEMoWnH6csXVGSXxCtlX8 -FWnCoNb/D71dnEusS4JxbYluRg2Xrdfb/pmHje9pE2TTprZRBFAIoh4CmDh129Ka -HJwYPZi59XRnac8ghiF2l4d2yOQPznrJDekj6pfLVdIcVowSvg== ------END CERTIFICATE----- diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/server.key b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/server.key deleted file mode 100644 index 25ade3cd16..0000000000 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/server.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDBA7aOVLFHXYS+kXWFE7FADJDMOzFW/sCMMaFJWGLOftqfGjmY -IT37mMdEnqGDEX/dEk6rXnsnj1buGWCIl83dfhDdYKqROd+PXAWvxpKNZSXpNZ4s -yuEpmDMYKZkfQZXgqm7iNDiXKOX90gHDweImYq9oRqB1RvlQkIoEOsO28QIDAQAB -AoGBAJGXlm34bp0Rat9A46/VMd/JWrPjdo1TrrRRf4LO3AE9aPWYl5cshA+zp6QY -MGaonZWJiLP1mdo2YnFJzSpbr9mzEBEIjCsKdzeKbmnaEpCZY5YUj/ypVWYVJqXx -jZ6/9VEIxCrB9WmXi9fs97IZtZJcHI4M+0FXakjF9AmxtVvRAkEA5MNakvgLPn5s -GH5yuu0P0vSQ6d7EEgcM/89pjEpfKCvsYBh92VvmKspjBV71OuQ3Eh7/0GB/5UGC -gaJwID7ibQJBANf+wBky99/+ffzwrUGavIbLO4NOwnbQsz7v49PwJHoGIhlfoLW7 -21JwDwWUteFyYOwzHxRdKedolT5Ul+PxNBUCQCXYU7Ggq2uJSqS6toxKD6Yco6St -H87Dr9jaHWICI7/nlFFJe/hrhaZqmPsYfIVjn+C1lCiK7l2k+swrbVVIUfkCQQCA -8MgWgvGsWw00+SxElK3kveAaI+M88JuAf85+z8XGvnCOuyKCOtHT5adiCoOFQTWQ -63erPW5tgWZOnktKPMx9AkEAru3G68AjJN6e14aHkK9KFD0DV1RjrIe7E5iQq5Tn -QXyiyiu624him6pov6UIGs5429z+gl3JjRM3A2rl//j//w== ------END RSA PRIVATE KEY----- diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/ssl-cert-snakeoil.key b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/ssl-cert-snakeoil.key new file mode 100644 index 0000000000..fd12501220 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/ssl-cert-snakeoil.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQCzURxIqzer0ACAbX/lHdsn4Gd9PLKrf7EeDYfIdV0HZKPD8WDr +bBx2/fBu0OW2sjnzv/SVZbJ0DAuPE/p0+eT0qb2qC10iz9iTD7ribd7gxhirVb8y +b3fBjXsxc8V8p4Ny1LcvNSqCjwUbJqdRogfoJeTiqPM58z5sNzuv5iq7iwIDAQAB +AoGAPMQy4olrP0UotlzlJ36bowLP70ffgHCwU+/f4NWs5fF78c3du0oSx1w820Dd +Z7E0JF8bgnlJJTxjumPZz0RUCugrEHBKJmzEz3cxF5E3+7NvteZcjKn9D67RrM5x +1/uSZ9cqKE9cYvY4fSuHx18diyZ4axR/wB1Pea2utjjDM+ECQQDb9ZbmmaWMiRpQ +5Up+loxP7BZNPsEVsm+DVJmEFbaFgGfncWBqSIqnPNjMwTwj0OigTwCAEGPkfRVW +T0pbYWCxAkEA0LK7SCTwzyDmhASUalk0x+3uCAA6ryFdwJf/wd8TRAvVOmkTEldX +uJ7ldLvfrONYO3v56uKTU/SoNdZYzKtO+wJAX2KM4ctXYy5BXztPpr2acz4qHa1N +Bh+vBAC34fOYhyQ76r3b1btHhWZ5jbFuZwm9F2erC94Ps5IaoqcX07DSwQJAPKGw +h2U0EPkd/3zVIZCJJQya+vgWFIs9EZcXVtvYXQyTBkVApTN66MhBIYjzkub5205J +bVQmOV37AKklY1DhwQJAA1wos0cYxro02edzatxd0DIR2r4qqOqLkw6BhYHhq6HJ +ZvIcQkHqdSXzdETFc01I1znDGGIrJHcnvKWgBPoEUg== +-----END RSA PRIVATE KEY----- diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/ssl-cert-snakeoil.pem b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/ssl-cert-snakeoil.pem new file mode 100644 index 0000000000..b115a5e914 --- /dev/null +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/ssl-cert-snakeoil.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1TCCAT4CCQDV5mPlzm9+izANBgkqhkiG9w0BAQUFADAvMS0wKwYDVQQDEyQ3 +NTI3YmQ3Ny1hYjNlLTQ3NGItYWNlNy1lZWQ2MDUzOTMxZTcwHhcNMTUwNzA2MjI0 +NTA3WhcNMjUwNzAzMjI0NTA3WjAvMS0wKwYDVQQDEyQ3NTI3YmQ3Ny1hYjNlLTQ3 +NGItYWNlNy1lZWQ2MDUzOTMxZTcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALNRHEirN6vQAIBtf+Ud2yfgZ308sqt/sR4Nh8h1XQdko8PxYOtsHHb98G7Q5bay +OfO/9JVlsnQMC48T+nT55PSpvaoLXSLP2JMPuuJt3uDGGKtVvzJvd8GNezFzxXyn +g3LUty81KoKPBRsmp1GiB+gl5OKo8znzPmw3O6/mKruLAgMBAAEwDQYJKoZIhvcN +AQEFBQADgYEACzoHUF8UV2Z6541Q2wKEA0UFUzmUjf/E1XwBO+1P15ZZ64uw34B4 +1RwMPtAo9RY/PmICTWtNxWGxkzwb2JtDWtnxVER/lF8k2XcXPE76fxTHJF/BKk9J +QU8OTD1dd9gHCBviQB9TqntRZ5X7axjtuWjb2umY+owBYzAHZkp1HKI= +-----END CERTIFICATE----- diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/test.js b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/test.js index 3ab7e55b22..cc3375334e 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/test.js +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/node_modules/socks-proxy-agent/test/test.js @@ -44,8 +44,8 @@ describe('SocksProxyAgent', function () { before(function (done) { // setup target SSL HTTPS server var options = { - key: fs.readFileSync(__dirname + '/server.key'), - cert: fs.readFileSync(__dirname + '/server.crt') + key: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.key'), + cert: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.pem') }; httpsServer = https.createServer(options); httpsServer.listen(function () { diff --git a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/package.json b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/package.json index e74dc5d95e..8b8e2cd878 100644 --- a/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/package.json +++ b/deps/npm/node_modules/pacote/node_modules/make-fetch-happen/package.json @@ -1,7 +1,8 @@ { - "_from": "make-fetch-happen@^2.4.3", - "_id": "make-fetch-happen@2.4.3", - "_integrity": "sha512-Vi+Y+uUnWki65KG6RjjW6J4o10XJivCyhvSh4TB/XC5gNtD9MbxlyOVkAFKTNCj1w1wcDw7HWaVPGj0CPfAyhw==", + "_from": "make-fetch-happen@^2.4.9", + "_id": "make-fetch-happen@2.4.9", + "_inBundle": false, + "_integrity": "sha512-/qh6T1E2gBD31bhutxeFehcHDwbBJJ7F+7w8bNAzPbacqfTwEpeo7W5SVQqciCSfNex51SjnEyw1XuK4zDn+Fw==", "_location": "/pacote/make-fetch-happen", "_phantomChildren": { "safe-buffer": "5.0.1" @@ -9,42 +10,40 @@ "_requested": { "type": "range", "registry": true, - "raw": "make-fetch-happen@^2.4.3", + "raw": "make-fetch-happen@^2.4.9", "name": "make-fetch-happen", "escapedName": "make-fetch-happen", - "rawSpec": "^2.4.3", + "rawSpec": "^2.4.9", "saveSpec": null, - "fetchSpec": "^2.4.3" + "fetchSpec": "^2.4.9" }, "_requiredBy": [ "/pacote" ], - "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-2.4.3.tgz", - "_shasum": "a9e894f213cc4628fde0859a589a90da96f4e4d8", - "_shrinkwrap": null, - "_spec": "make-fetch-happen@^2.4.3", + "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-2.4.9.tgz", + "_shasum": "245b799e35da3ec05a45e6ef31f9c34df7d1e0c1", + "_spec": "make-fetch-happen@^2.4.9", "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" }, - "bin": null, "bugs": { "url": "https://github.com/zkat/make-fetch-happen/issues" }, "bundleDependencies": false, "dependencies": { "agentkeepalive": "^3.1.0", - "cacache": "^9.0.0", + "cacache": "^9.2.4", "http-cache-semantics": "^3.7.3", "http-proxy-agent": "^1.0.0", "https-proxy-agent": "^1.0.0", "lru-cache": "^4.0.2", "mississippi": "^1.2.0", - "node-fetch-npm": "^2.0.0", + "node-fetch-npm": "^2.0.1", "promise-retry": "^1.1.1", "socks-proxy-agent": "^2.0.0", - "ssri": "^4.1.2" + "ssri": "^4.1.3" }, "deprecated": false, "description": "Opinionated, caching, retrying fetch client", @@ -80,8 +79,6 @@ "license": "CC0-1.0", "main": "index.js", "name": "make-fetch-happen", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git+https://github.com/zkat/make-fetch-happen.git" @@ -95,5 +92,5 @@ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, - "version": "2.4.3" + "version": "2.4.9" } diff --git a/deps/npm/node_modules/pacote/package.json b/deps/npm/node_modules/pacote/package.json index 578b7c8687..c27683d0d2 100644 --- a/deps/npm/node_modules/pacote/package.json +++ b/deps/npm/node_modules/pacote/package.json @@ -1,11 +1,11 @@ { - "_from": "pacote@latest", - "_id": "pacote@2.7.12", + "_from": "pacote@2.7.21", + "_id": "pacote@2.7.21", "_inBundle": false, - "_integrity": "sha512-HkAuFF2tUtXFqgmweU5eVNia1cUl4/1gYYmm1+eLOIuGPUlCLqvO0wtsKgUgoHbStFToTNh13JgDSgOaMz7REg==", + "_integrity": "sha512-ksTHJiAkJxLmcOGxO6iGMk1cVMTTtIC051ZUqvWbckICIhzScOSBgGRBc4CHRhd62NuqAL082RuOOmb1Mi6o6Q==", "_location": "/pacote", "_phantomChildren": { - "cacache": "9.0.0", + "cacache": "9.2.5", "chownr": "1.0.1", "lru-cache": "4.0.2", "mississippi": "1.3.0", @@ -14,26 +14,27 @@ "once": "1.4.0", "readable-stream": "2.2.9", "retry": "0.10.1", + "safe-buffer": "5.0.1", "semver": "5.3.0", - "ssri": "4.1.2" + "ssri": "4.1.3" }, "_requested": { - "type": "tag", + "type": "version", "registry": true, - "raw": "pacote@latest", + "raw": "pacote@2.7.21", "name": "pacote", "escapedName": "pacote", - "rawSpec": "latest", + "rawSpec": "2.7.21", "saveSpec": null, - "fetchSpec": "latest" + "fetchSpec": "2.7.21" }, "_requiredBy": [ "#USER", "/" ], - "_resolved": "https://registry.npmjs.org/pacote/-/pacote-2.7.12.tgz", - "_shasum": "36bced5b5fe29defff827b8da893245d9fb0789f", - "_spec": "pacote@latest", + "_resolved": "https://registry.npmjs.org/pacote/-/pacote-2.7.21.tgz", + "_shasum": "e909e8a0559940053300e1127297e92a1302d244", + "_spec": "pacote@2.7.21", "_where": "/Users/zkat/Documents/code/npm", "author": { "name": "Kat Marchán", @@ -55,11 +56,11 @@ ], "dependencies": { "bluebird": "^3.5.0", - "cacache": "^9.0.0", - "glob": "^7.1.1", + "cacache": "^9.2.5", + "glob": "^7.1.2", "lru-cache": "^4.0.2", - "make-fetch-happen": "^2.4.3", - "minimatch": "^3.0.3", + "make-fetch-happen": "^2.4.9", + "minimatch": "^3.0.4", "mississippi": "^1.2.0", "normalize-package-data": "^2.3.6", "npm-package-arg": "^5.0.0", @@ -70,9 +71,9 @@ "protoduck": "^4.0.0", "safe-buffer": "^5.0.1", "semver": "^5.3.0", - "ssri": "^4.1.2", + "ssri": "^4.1.3", "tar-fs": "^1.15.1", - "tar-stream": "^1.5.2", + "tar-stream": "^1.5.4", "unique-filename": "^1.1.0", "which": "^1.2.12" }, @@ -81,15 +82,15 @@ "devDependencies": { "mkdirp": "^0.5.1", "nock": "^9.0.13", - "npmlog": "^4.0.1", - "nyc": "^10.0.0", + "npmlog": "^4.1.0", + "nyc": "^10.3.2", "require-inject": "^1.4.0", "rimraf": "^2.5.4", "standard": "^10.0.1", "standard-version": "^4.0.0", "tacks": "^1.2.6", "tap": "^10.2.0", - "weallbehave": "^1.0.0", + "weallbehave": "^1.2.0", "weallcontribute": "^1.0.7" }, "files": [ @@ -119,5 +120,5 @@ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, - "version": "2.7.12" + "version": "2.7.21" } diff --git a/deps/npm/node_modules/pacote/node_modules/safe-buffer/.travis.yml b/deps/npm/node_modules/safe-buffer/.travis.yml index 7b20f28cb0..7b20f28cb0 100644 --- a/deps/npm/node_modules/pacote/node_modules/safe-buffer/.travis.yml +++ b/deps/npm/node_modules/safe-buffer/.travis.yml diff --git a/deps/npm/node_modules/pacote/node_modules/safe-buffer/LICENSE b/deps/npm/node_modules/safe-buffer/LICENSE index 0c068ceecb..0c068ceecb 100644 --- a/deps/npm/node_modules/pacote/node_modules/safe-buffer/LICENSE +++ b/deps/npm/node_modules/safe-buffer/LICENSE diff --git a/deps/npm/node_modules/pacote/node_modules/safe-buffer/README.md b/deps/npm/node_modules/safe-buffer/README.md index 96eb387aa0..96eb387aa0 100644 --- a/deps/npm/node_modules/pacote/node_modules/safe-buffer/README.md +++ b/deps/npm/node_modules/safe-buffer/README.md diff --git a/deps/npm/node_modules/pacote/node_modules/safe-buffer/browser.js b/deps/npm/node_modules/safe-buffer/browser.js index 0bd12027d3..0bd12027d3 100644 --- a/deps/npm/node_modules/pacote/node_modules/safe-buffer/browser.js +++ b/deps/npm/node_modules/safe-buffer/browser.js diff --git a/deps/npm/node_modules/pacote/node_modules/safe-buffer/index.js b/deps/npm/node_modules/safe-buffer/index.js index 74a7358ee8..74a7358ee8 100644 --- a/deps/npm/node_modules/pacote/node_modules/safe-buffer/index.js +++ b/deps/npm/node_modules/safe-buffer/index.js diff --git a/deps/npm/node_modules/pacote/node_modules/safe-buffer/package.json b/deps/npm/node_modules/safe-buffer/package.json index 267f02494e..d866dd9580 100644 --- a/deps/npm/node_modules/pacote/node_modules/safe-buffer/package.json +++ b/deps/npm/node_modules/safe-buffer/package.json @@ -1,40 +1,38 @@ { - "_from": "safe-buffer@^5.0.1", + "_from": "safe-buffer@~5.0.1", "_id": "safe-buffer@5.0.1", + "_inBundle": false, "_integrity": "sha1-0mPKVGls2KMGtcplUekt5XkY++c=", - "_location": "/pacote/safe-buffer", + "_location": "/safe-buffer", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, - "raw": "safe-buffer@^5.0.1", + "raw": "safe-buffer@~5.0.1", "name": "safe-buffer", "escapedName": "safe-buffer", - "rawSpec": "^5.0.1", + "rawSpec": "~5.0.1", "saveSpec": null, - "fetchSpec": "^5.0.1" + "fetchSpec": "~5.0.1" }, "_requiredBy": [ - "/pacote", - "/pacote/make-fetch-happen/node-fetch-npm" + "#USER", + "/" ], "_resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.0.1.tgz", "_shasum": "d263ca54696cd8a306b5ca6551e92de57918fbe7", - "_shrinkwrap": null, - "_spec": "safe-buffer@^5.0.1", - "_where": "/Users/zkat/Documents/code/npm/node_modules/pacote", + "_spec": "safe-buffer@~5.0.1", + "_where": "/Users/zkat/Documents/code/npm", "author": { "name": "Feross Aboukhadijeh", "email": "feross@feross.org", "url": "http://feross.org" }, - "bin": null, "browser": "./browser.js", "bugs": { "url": "https://github.com/feross/safe-buffer/issues" }, "bundleDependencies": false, - "dependencies": {}, "deprecated": false, "description": "Safer Node.js Buffer API", "devDependencies": { @@ -55,8 +53,6 @@ "license": "MIT", "main": "index.js", "name": "safe-buffer", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git://github.com/feross/safe-buffer.git" diff --git a/deps/npm/node_modules/pacote/node_modules/safe-buffer/test.js b/deps/npm/node_modules/safe-buffer/test.js index 7da8ad761e..7da8ad761e 100644 --- a/deps/npm/node_modules/pacote/node_modules/safe-buffer/test.js +++ b/deps/npm/node_modules/safe-buffer/test.js diff --git a/deps/npm/node_modules/ssri/CHANGELOG.md b/deps/npm/node_modules/ssri/CHANGELOG.md index 838a6fe691..46a0093e00 100644 --- a/deps/npm/node_modules/ssri/CHANGELOG.md +++ b/deps/npm/node_modules/ssri/CHANGELOG.md @@ -2,6 +2,16 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +<a name="4.1.3"></a> +## [4.1.3](https://github.com/zkat/ssri/compare/v4.1.2...v4.1.3) (2017-05-24) + + +### Bug Fixes + +* **check:** handle various bad hash corner cases better ([c2c262b](https://github.com/zkat/ssri/commit/c2c262b)) + + + <a name="4.1.2"></a> ## [4.1.2](https://github.com/zkat/ssri/compare/v4.1.1...v4.1.2) (2017-04-18) diff --git a/deps/npm/node_modules/ssri/index.js b/deps/npm/node_modules/ssri/index.js index 9c84dbc217..f01986fa51 100644 --- a/deps/npm/node_modules/ssri/index.js +++ b/deps/npm/node_modules/ssri/index.js @@ -95,7 +95,9 @@ class Integrity { const pickAlgorithm = (opts && opts.pickAlgorithm) || getPrioritizedHash const keys = Object.keys(this) if (!keys.length) { - throw new Error(`No algorithms available for ${this}`) + throw new Error(`No algorithms available for ${ + JSON.stringify(this.toString()) + }`) } return keys.reduce((acc, algo) => { return pickAlgorithm(acc, algo) || acc @@ -199,8 +201,9 @@ module.exports.checkData = checkData function checkData (data, sri, opts) { opts = opts || {} sri = parse(sri, opts) + if (!Object.keys(sri).length) { return false } const algorithm = sri.pickAlgorithm(opts) - const digests = sri[algorithm] + const digests = sri[algorithm] || [] const digest = crypto.createHash(algorithm).update(data).digest('base64') return digests.find(hash => hash.digest === digest) || false } @@ -231,8 +234,9 @@ function integrityStream (opts) { opts = opts || {} // For verification const sri = opts.integrity && parse(opts.integrity, opts) - const algorithm = sri && sri.pickAlgorithm(opts) - const digests = sri && sri[algorithm] + const goodSri = sri && Object.keys(sri).length + const algorithm = goodSri && sri.pickAlgorithm(opts) + const digests = goodSri && sri[algorithm] // Calculating stream const algorithms = opts.algorithms || [algorithm || 'sha512'] const hashes = algorithms.map(crypto.createHash) @@ -253,6 +257,7 @@ function integrityStream (opts) { const match = ( // Integrity verification mode opts.integrity && + digests && digests.find(hash => { return newSri[algorithm].find(newhash => { return hash.digest === newhash.digest diff --git a/deps/npm/node_modules/ssri/package.json b/deps/npm/node_modules/ssri/package.json index b828c974c9..fae62d7c52 100644 --- a/deps/npm/node_modules/ssri/package.json +++ b/deps/npm/node_modules/ssri/package.json @@ -1,36 +1,36 @@ { - "_from": "ssri@~4.1.2", - "_id": "ssri@4.1.2", - "_integrity": "sha1-PTxptJDQsQd3Kpv4GIHziuBx8ks=", + "_from": "ssri@4.1.3", + "_id": "ssri@4.1.3", + "_inBundle": false, + "_integrity": "sha512-vDXK4C5lxEMlMXyUvsaNAqyYkoMaScW8r6jUTg3uwUOMnvbMmNRSw3Cal0iiWHtMsQxga7NG4GShS0CKt3Pt1w==", "_location": "/ssri", "_phantomChildren": {}, "_requested": { - "type": "range", + "type": "version", "registry": true, - "raw": "ssri@~4.1.2", + "raw": "ssri@4.1.3", "name": "ssri", "escapedName": "ssri", - "rawSpec": "~4.1.2", + "rawSpec": "4.1.3", "saveSpec": null, - "fetchSpec": "~4.1.2" + "fetchSpec": "4.1.3" }, "_requiredBy": [ + "#USER", "/", "/cacache", "/npm-registry-client", "/pacote", "/pacote/make-fetch-happen" ], - "_resolved": "https://registry.npmjs.org/ssri/-/ssri-4.1.2.tgz", - "_shasum": "3d3c69b490d0b107772a9bf81881f38ae071f24b", - "_shrinkwrap": null, - "_spec": "ssri@~4.1.2", + "_resolved": "https://registry.npmjs.org/ssri/-/ssri-4.1.3.tgz", + "_shasum": "ec8b5585cbfc726a5f9aad829efce238de831935", + "_spec": "ssri@4.1.3", "_where": "/Users/zkat/Documents/code/npm", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" }, - "bin": null, "bugs": { "url": "https://github.com/zkat/ssri/issues" }, @@ -47,11 +47,11 @@ "deprecated": false, "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", "devDependencies": { - "nyc": "^10.2.0", + "nyc": "^10.3.2", "standard": "^9.0.2", "standard-version": "^4.0.0", "tap": "^10.3.2", - "weallbehave": "^1.0.0", + "weallbehave": "^1.2.0", "weallcontribute": "^1.0.8" }, "files": [ @@ -75,8 +75,6 @@ "license": "CC0-1.0", "main": "index.js", "name": "ssri", - "optionalDependencies": {}, - "peerDependencies": {}, "repository": { "type": "git", "url": "git+https://github.com/zkat/ssri.git" @@ -90,5 +88,5 @@ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, - "version": "4.1.2" + "version": "4.1.3" } diff --git a/deps/npm/package.json b/deps/npm/package.json index 724e29292d..3bb9001de0 100644 --- a/deps/npm/package.json +++ b/deps/npm/package.json @@ -1,5 +1,5 @@ { - "version": "5.0.0-beta.56", + "version": "5.0.0", "name": "npm", "description": "a package manager for JavaScript", "keywords": [ @@ -38,7 +38,7 @@ "aproba": "~1.1.1", "archy": "~1.0.0", "bluebird": "~3.5.0", - "cacache": "~9.0.0", + "cacache": "~9.2.5", "call-limit": "~1.1.0", "chownr": "~1.0.1", "cmd-shim": "~2.0.2", @@ -51,7 +51,7 @@ "fs-write-stream-atomic": "~1.0.10", "fstream": "~1.0.11", "fstream-npm": "~1.2.1", - "glob": "~7.1.1", + "glob": "~7.1.2", "graceful-fs": "~4.1.11", "has-unicode": "~2.0.1", "hosted-git-info": "~2.4.2", @@ -83,7 +83,7 @@ "once": "~1.4.0", "opener": "~1.4.3", "osenv": "~0.1.4", - "pacote": "~2.7.12", + "pacote": "~2.7.21", "path-is-inside": "~1.0.2", "promise-inflight": "~1.0.1", "read": "~1.0.7", @@ -95,12 +95,13 @@ "request": "~2.81.0", "retry": "~0.10.1", "rimraf": "~2.6.1", + "safe-buffer": "~5.0.1", "semver": "~5.3.0", "sha": "~2.0.1", "slide": "~1.1.6", "sorted-object": "~2.0.1", "sorted-union-stream": "~2.1.3", - "ssri": "~4.1.2", + "ssri": "~4.1.3", "strip-ansi": "~3.0.1", "tar": "~2.2.1", "text-table": "~0.2.0", @@ -209,7 +210,8 @@ "validate-npm-package-name", "which", "wrappy", - "write-file-atomic" + "write-file-atomic", + "safe-buffer" ], "devDependencies": { "deep-equal": "~1.0.1", diff --git a/deps/npm/test/tap/bearer-token-check.js b/deps/npm/test/tap/bearer-token-check.js index 42c8f313e2..23870d2f21 100644 --- a/deps/npm/test/tap/bearer-token-check.js +++ b/deps/npm/test/tap/bearer-token-check.js @@ -89,7 +89,10 @@ var contents = '@scoped:registry=' + common.registry + '\n' + var json = { name: 'test-package-install', - version: '1.0.0' + version: '1.0.0', + dependencies: { + '@scoped/underscore': '1.3.1' + } } var shrinkwrap = { diff --git a/deps/npm/test/tap/config-meta.js b/deps/npm/test/tap/config-meta.js index d7897a16ce..f667077a1a 100644 --- a/deps/npm/test/tap/config-meta.js +++ b/deps/npm/test/tap/config-meta.js @@ -19,6 +19,7 @@ var exceptions = [ path.resolve(lib, 'adduser.js'), path.resolve(lib, 'config.js'), path.resolve(lib, 'config', 'pacote.js'), + path.resolve(lib, 'pack.js'), path.resolve(lib, 'publish.js'), path.resolve(lib, 'install', 'inflate-shrinkwrap.js'), path.resolve(lib, 'utils', 'lifecycle.js'), diff --git a/deps/npm/test/tap/gently-rm-linked-module.js b/deps/npm/test/tap/gently-rm-linked-module.js index aeae71eee0..a9804cd792 100644 --- a/deps/npm/test/tap/gently-rm-linked-module.js +++ b/deps/npm/test/tap/gently-rm-linked-module.js @@ -46,7 +46,8 @@ var env = extend({}, process.env) env.npm_config_prefix = linkedGlobal var EXEC_OPTS = { cwd: workingDir, - env: env + env: env, + stdio: [0, 'pipe', 2] } test('setup', function (t) { @@ -57,49 +58,32 @@ test('setup', function (t) { }) test('install and link', function (t) { + var globalBin = resolve(linkedGlobal, isWindows ? '.' : 'bin', 'linked') + var globalModule = resolve(linkedGlobal, isWindows ? '.' : 'lib', 'node_modules', '@test', 'linked') // link our test module into the global folder - common.npm( - [ - '--loglevel', 'error', - 'link', - toInstall - ], - EXEC_OPTS, - function (er, code) { - if (er) throw er - t.is(code, 0, 'link succeeded') - var globalBin = resolve(linkedGlobal, isWindows ? '.' : 'bin', 'linked') - var globalModule = resolve(linkedGlobal, isWindows ? '.' : 'lib', 'node_modules', '@test', 'linked') - var localBin = resolve(workingDir, 'node_modules', '.bin', 'linked') - var localModule = resolve(workingDir, 'node_modules', '@test', 'linked') - try { - t.ok(fs.statSync(globalBin), 'global bin exists') - t.is(fs.lstatSync(globalModule).isSymbolicLink(), true, 'global module is link') - t.ok(fs.statSync(localBin), 'local bin exists') - t.is(fs.lstatSync(localModule).isSymbolicLink(), true, 'local module is link') - } catch (ex) { - t.ifError(ex, 'linking happened') - } - if (code !== 0) return t.end() - - // and try removing it and make sure that succeeds - common.npm( - [ - '--global', - '--loglevel', 'error', - 'rm', '@test/linked' - ], - EXEC_OPTS, - function (er, code) { - if (er) throw er - t.is(code, 0, 'rm succeeded') - t.throws(function () { fs.statSync(globalBin) }, 'global bin removed') - t.throws(function () { fs.statSync(globalModule) }, 'global module removed') - t.end() - } - ) + return common.npm(['--loglevel', 'error', 'link', toInstall], EXEC_OPTS).spread((code, out) => { + t.comment(out) + t.is(code, 0, 'link succeeded') + var localBin = resolve(workingDir, 'node_modules', '.bin', 'linked') + var localModule = resolve(workingDir, 'node_modules', '@test', 'linked') + try { + t.ok(fs.statSync(globalBin), 'global bin exists') + t.is(fs.lstatSync(globalModule).isSymbolicLink(), true, 'global module is link') + t.ok(fs.statSync(localBin), 'local bin exists') + t.is(fs.lstatSync(localModule).isSymbolicLink(), true, 'local module is link') + } catch (ex) { + t.ifError(ex, 'linking happened') } - ) + if (code !== 0) throw new Error('aborting') + + // and try removing it and make sure that succeeds + return common.npm(['--global', '--loglevel', 'error', 'rm', '@test/linked'], EXEC_OPTS) + }).spread((code, out) => { + t.comment(out) + t.is(code, 0, 'rm succeeded') + t.throws(function () { fs.statSync(globalBin) }, 'global bin removed') + t.throws(function () { fs.statSync(globalModule) }, 'global module removed') + }) }) test('cleanup', function (t) { diff --git a/deps/npm/test/tap/no-scan-full-global-dir.js b/deps/npm/test/tap/no-scan-full-global-dir.js index ca051fc628..6a9349d54d 100644 --- a/deps/npm/test/tap/no-scan-full-global-dir.js +++ b/deps/npm/test/tap/no-scan-full-global-dir.js @@ -4,7 +4,6 @@ var path = require('path') var test = require('tap').test var requireInject = require('require-inject') var osenv = require('osenv') -var inherits = require('inherits') var npm = require('../../lib/npm.js') var packages = { @@ -47,26 +46,26 @@ test('setup', function (t) { }) }) -function loadArgMetadata (cb) { - this.args = this.args.map(function (arg) { return {name: arg} }) - cb() -} - test('installer', function (t) { t.plan(1) var installer = requireInject('../../lib/install.js', { 'fs': mockFs, 'readdir-scoped-modules': mockReaddir, - 'read-package-json': mockReadPackageJson + 'read-package-json': mockReadPackageJson, + 'mkdirp': function (path, cb) { cb() } }) var Installer = installer.Installer - var TestInstaller = function () { - Installer.apply(this, arguments) - this.global = true + class TestInstaller extends Installer { + constructor (where, dryrun, args) { + super(where, dryrun, args) + this.global = true + } + loadArgMetadata (cb) { + this.args = this.args.map(function (arg) { return {name: arg} }) + cb() + } } - inherits(TestInstaller, Installer) - TestInstaller.prototype.loadArgMetadata = loadArgMetadata var inst = new TestInstaller(__dirname, false, ['def', 'abc']) inst.loadCurrentTree(function () { @@ -81,15 +80,17 @@ test('uninstaller', function (t) { var uninstaller = requireInject('../../lib/uninstall.js', { 'fs': mockFs, 'readdir-scoped-modules': mockReaddir, - 'read-package-json': mockReadPackageJson + 'read-package-json': mockReadPackageJson, + 'mkdirp': function (path, cb) { cb() } }) var Uninstaller = uninstaller.Uninstaller - var TestUninstaller = function () { - Uninstaller.apply(this, arguments) - this.global = true + class TestUninstaller extends Uninstaller { + constructor (where, dryrun, args) { + super(where, dryrun, args) + this.global = true + } } - inherits(TestUninstaller, Uninstaller) var uninst = new TestUninstaller(__dirname, false, ['ghi', 'jkl']) uninst.loadCurrentTree(function () { diff --git a/deps/npm/test/tap/noargs-install-config-save.js b/deps/npm/test/tap/noargs-install-config-save.js index 074d5e848d..12ccf86804 100644 --- a/deps/npm/test/tap/noargs-install-config-save.js +++ b/deps/npm/test/tap/noargs-install-config-save.js @@ -62,7 +62,7 @@ test('updates the package.json (adds dependencies) with an argument', function ( t.plan(2) mr({ port: common.port }, function (er, s) { - common.npm(['install', 'underscore'], OPTS, function (er, code, stdout, stderr) { + common.npm(['install', 'underscore', '-P'], OPTS, function (er, code, stdout, stderr) { if (er) throw er t.is(code, 0) s.close() diff --git a/deps/npm/test/tap/shrinkwrap-extra-metadata.js b/deps/npm/test/tap/shrinkwrap-extra-metadata.js index c5f60e4c22..dd7f85ee82 100644 --- a/deps/npm/test/tap/shrinkwrap-extra-metadata.js +++ b/deps/npm/test/tap/shrinkwrap-extra-metadata.js @@ -7,15 +7,11 @@ const mr = require('npm-registry-mock') const npm = require('../../lib/npm.js') const osenv = require('osenv') const path = require('path') -const pkgSri = require('../../lib/utils/package-integrity.js') const rimraf = require('rimraf') const test = require('tap').test const pkg = path.join(__dirname, path.basename(__filename, '.js')) -const EXEC_OPTS = { - cwd: pkg } - const json = { author: 'Rockbert', name: 'shrinkwrap-extra-metadata', @@ -54,7 +50,6 @@ test('adds additional metadata fields from the pkglock spec', function (t) { 'name': 'shrinkwrap-extra-metadata', 'version': '0.0.0', 'lockfileVersion': npm.lockfileVersion, - 'packageIntegrity': pkgSri.hash(json), 'preserveSymlinks': 'foo' }, JSON.parse(desired), diff --git a/deps/npm/test/tap/shrinkwrap-package-integrity.js b/deps/npm/test/tap/shrinkwrap-package-integrity.js deleted file mode 100644 index 6333757d7f..0000000000 --- a/deps/npm/test/tap/shrinkwrap-package-integrity.js +++ /dev/null @@ -1,50 +0,0 @@ -'use strict' - -const pkgsri = require('../../lib/utils/package-integrity.js') -const ssri = require('ssri') -const test = require('tap').test - -test('generates integrity according to spec', (t) => { - const pkgJson = { - 'name': 'foo', - 'version': '1.0.0', - 'dependencies': { - 'x': '1.0.0' - }, - 'devDependencies': { - 'y': '1.0.0' - }, - 'optionalDependencies': { - 'z': '1.0.0' - } - } - const integrity = pkgsri.hash(pkgJson) - t.ok(integrity && integrity.toString(), 'hash returned') - t.equal( - ssri.parse(integrity).toString(), - integrity, - 'hash is a valid ssri string' - ) - t.ok(pkgsri.check(pkgJson, integrity), 'same-data integrity check succeeds') - t.done() -}) - -test('updates if anything changes in package.json', (t) => { - const pkgJson = { - 'name': 'foo', - 'version': '1.0.0', - 'dependencies': { - 'x': '1.0.0' - }, - 'devDependencies': { - 'y': '1.0.0' - }, - 'optionalDependencies': { - 'z': '1.0.0' - } - } - const sri = pkgsri.hash(pkgJson) - pkgJson.version = '1.2.3' - t.equal(pkgsri.check(pkgJson, sri), false, 'no match after pkgJson change') - t.done() -}) diff --git a/deps/npm/test/tap/shrinkwrap-scoped-auth.js b/deps/npm/test/tap/shrinkwrap-scoped-auth.js index 6d5130137e..bd884c00b7 100644 --- a/deps/npm/test/tap/shrinkwrap-scoped-auth.js +++ b/deps/npm/test/tap/shrinkwrap-scoped-auth.js @@ -1,4 +1,4 @@ -var resolve = require('path').resolve +var path = require('path') var writeFileSync = require('graceful-fs').writeFileSync var mkdirp = require('mkdirp') @@ -10,12 +10,12 @@ var test = require('tap').test var common = require('../common-tap.js') var toNerfDart = require('../../lib/config/nerf-dart.js') -var pkg = resolve(__dirname, 'shrinkwrap-scoped-auth') -var outfile = resolve(pkg, '_npmrc') -var modules = resolve(pkg, 'node_modules') +var pkg = path.resolve(__dirname, path.basename(__filename, '.js')) +var outfile = path.resolve(pkg, '_npmrc') +var modules = path.resolve(pkg, 'node_modules') var tarballPath = '/scoped-underscore/-/scoped-underscore-1.3.1.tgz' var tarballURL = common.registry + tarballPath -var tarball = resolve(__dirname, '../fixtures/scoped-underscore-1.3.1.tgz') +var tarball = path.resolve(__dirname, '../fixtures/scoped-underscore-1.3.1.tgz') var server @@ -46,10 +46,9 @@ test('authed npm install with shrinkwrapped scoped package', function (t) { '--fetch-retries', 0, '--userconfig', outfile ], - {cwd: pkg}, - function (err, code, stdout, stderr) { + {cwd: pkg, stdio: [0, 'pipe', 2]}, + function (err, code, stdout) { if (err) throw err - if (stderr) t.comment(stderr) t.equal(code, 0, 'npm install exited OK') try { var results = JSON.parse(stdout) @@ -75,7 +74,10 @@ var contents = '@scoped:registry=' + common.registry + '\n' + var json = { name: 'test-package-install', - version: '1.0.0' + version: '1.0.0', + dependencies: { + '@scoped/underscore': '1.0.0' + } } var shrinkwrap = { @@ -93,10 +95,10 @@ var shrinkwrap = { function setup () { cleanup() mkdirp.sync(modules) - writeFileSync(resolve(pkg, 'package.json'), JSON.stringify(json, null, 2) + '\n') + writeFileSync(path.resolve(pkg, 'package.json'), JSON.stringify(json, null, 2) + '\n') writeFileSync(outfile, contents) writeFileSync( - resolve(pkg, 'npm-shrinkwrap.json'), + path.resolve(pkg, 'npm-shrinkwrap.json'), JSON.stringify(shrinkwrap, null, 2) + '\n' ) } diff --git a/deps/npm/test/tap/uninstall-link-clean.js b/deps/npm/test/tap/uninstall-link-clean.js index b4759e8895..2b1d244d00 100644 --- a/deps/npm/test/tap/uninstall-link-clean.js +++ b/deps/npm/test/tap/uninstall-link-clean.js @@ -3,15 +3,15 @@ var path = require('path') var existsSync = fs.existsSync || path.existsSync var mkdirp = require('mkdirp') -var osenv = require('osenv') var rimraf = require('rimraf') var test = require('tap').test var common = require('../common-tap.js') -var pkg = path.join(__dirname, 'uninstall-link-clean') -var dep = path.join(__dirname, 'dep') -var work = path.join(__dirname, 'uninstall-link-clean-TEST') +var testdir = path.join(__dirname, path.basename(__filename, '.js')) +var pkg = path.join(testdir, 'pkg') +var dep = path.join(testdir, 'dep') +var work = path.join(testdir, 'uninstall-link-clean-TEST') var modules = path.join(work, 'node_modules') var EXEC_OPTS = { cwd: work, stdio: [0, 'ignore', 2] } @@ -54,7 +54,6 @@ test('setup', function (t) { fs.writeFileSync(path.join(dep, 'world.js'), world) mkdirp.sync(modules) - process.chdir(work) t.end() }) @@ -110,8 +109,5 @@ test('cleanup', function (t) { }) function cleanup () { - process.chdir(osenv.tmpdir()) - rimraf.sync(dep) - rimraf.sync(work) - rimraf.sync(pkg) + rimraf.sync(testdir) } diff --git a/deps/npm/test/tap/uninstall-save.js b/deps/npm/test/tap/uninstall-save.js index 47cffdb521..9bf342d7cf 100644 --- a/deps/npm/test/tap/uninstall-save.js +++ b/deps/npm/test/tap/uninstall-save.js @@ -10,7 +10,7 @@ var test = require('tap').test var common = require('../common-tap.js') var server -var pkg = path.join(__dirname, 'uninstall-save') +var pkg = path.join(__dirname, path.basename(__filename, '.js')) var EXEC_OPTS = { cwd: pkg, stdio: [0, 'ignore', 2] } @@ -29,62 +29,44 @@ test('setup', function (t) { }) test('uninstall --save removes rm-ed package from package.json', function (t) { - common.npm( - [ - '--registry', common.registry, - '--loglevel', 'error', - '--save-prefix', '^', - '--save', - 'install', 'underscore@latest' - ], - EXEC_OPTS, - function (err, code) { - t.ifError(err, 'npm install ran without issue') - t.notOk(code, 'npm install exited with code 0') - - var p = path.join(pkg, 'node_modules', 'underscore', 'package.json') - t.ok(JSON.parse(fs.readFileSync(p))) - - var pkgJson = JSON.parse(fs.readFileSync( - path.join(pkg, 'package.json'), - 'utf8' - )) - t.deepEqual( - pkgJson.dependencies, - { 'underscore': '^1.5.1' }, - 'got expected save prefix and version of 1.5.1' - ) - - var installed = path.join(pkg, 'node_modules', 'underscore') - rimraf.sync(installed) - - common.npm( - [ - '--registry', common.registry, - '--loglevel', 'debug', - '--save', - 'uninstall', 'underscore' - ], - EXEC_OPTS, - function (err, code) { - t.ifError(err, 'npm uninstall ran without issue') - - var pkgJson = JSON.parse(fs.readFileSync( - path.join(pkg, 'package.json'), - 'utf8' - )) - - t.deepEqual( - pkgJson.dependencies, - { }, - 'dependency removed as expected' - ) - - t.end() - } - ) - } - ) + var config = [ + '--registry', common.registry, + '--save-prefix', '^', + '--save', + '--loglevel=error' + ] + return common.npm(config.concat(['install', 'underscore@latest']), EXEC_OPTS).spread((code) => { + t.notOk(code, 'npm install exited with code 0') + + var p = path.join(pkg, 'node_modules', 'underscore', 'package.json') + t.ok(JSON.parse(fs.readFileSync(p))) + + var pkgJson = JSON.parse(fs.readFileSync( + path.join(pkg, 'package.json'), + 'utf8' + )) + t.deepEqual( + pkgJson.dependencies, + { 'underscore': '^1.5.1' }, + 'got expected save prefix and version of 1.5.1' + ) + + var installed = path.join(pkg, 'node_modules', 'underscore') + rimraf.sync(installed) + + return common.npm(config.concat(['uninstall', 'underscore']), EXEC_OPTS) + }).spread((code) => { + var pkgJson = JSON.parse(fs.readFileSync( + path.join(pkg, 'package.json'), + 'utf8' + )) + + t.deepEqual( + pkgJson.dependencies, + { }, + 'dependency removed as expected' + ) + }) }) test('cleanup', function (t) { diff --git a/deps/npm/test/tap/unit-link.js b/deps/npm/test/tap/unit-link.js index e4b9094068..4f4083e110 100644 --- a/deps/npm/test/tap/unit-link.js +++ b/deps/npm/test/tap/unit-link.js @@ -227,7 +227,7 @@ function testLink (opts, cb) { } } }, - '../../lib/utils/gently-rm.js': dezalgo(function (toRemove, gently, cb) { + '../../lib/utils/gently-rm.js': dezalgo(function (toRemove, gently, basedir, cb) { if (opts.rm[toRemove] && opts.rm[toRemove].gently === gently) { cb() } else { |