aboutsummaryrefslogtreecommitdiff
path: root/deps/npm/lib
diff options
context:
space:
mode:
Diffstat (limited to 'deps/npm/lib')
-rw-r--r--deps/npm/lib/audit.js13
-rw-r--r--deps/npm/lib/auth/legacy.js2
-rw-r--r--deps/npm/lib/config/defaults.js23
-rw-r--r--deps/npm/lib/config/get-credentials-by-uri.js6
-rw-r--r--deps/npm/lib/config/pacote.js2
-rw-r--r--deps/npm/lib/help.js8
-rw-r--r--deps/npm/lib/install.js5
-rw-r--r--deps/npm/lib/install/save.js2
-rw-r--r--deps/npm/lib/pack.js33
-rw-r--r--deps/npm/lib/profile.js4
-rw-r--r--deps/npm/lib/publish.js2
-rw-r--r--deps/npm/lib/shrinkwrap.js2
-rw-r--r--deps/npm/lib/token.js4
-rw-r--r--deps/npm/lib/utils/stringify-package.js17
-rw-r--r--deps/npm/lib/version.js6
-rw-r--r--deps/npm/lib/view.js2
16 files changed, 58 insertions, 73 deletions
diff --git a/deps/npm/lib/audit.js b/deps/npm/lib/audit.js
index 231b65d7b6..06852610e6 100644
--- a/deps/npm/lib/audit.js
+++ b/deps/npm/lib/audit.js
@@ -249,18 +249,19 @@ function auditCmd (args, cb) {
if (installMajor) {
output(' (installed due to `--force` option)')
} else {
- output(' (use `npm audit fix --force` to install breaking changes; or do it by hand)')
+ output(' (use `npm audit fix --force` to install breaking changes;' +
+ ' or refer to `npm audit` for steps to fix these manually)')
}
}
}
})
})
} else {
- const vulns =
- auditResult.metadata.vulnerabilities.low +
- auditResult.metadata.vulnerabilities.moderate +
- auditResult.metadata.vulnerabilities.high +
- auditResult.metadata.vulnerabilities.critical
+ const levels = ['low', 'moderate', 'high', 'critical']
+ const minLevel = levels.indexOf(npm.config.get('audit-level'))
+ const vulns = levels.reduce((count, level, i) => {
+ return i < minLevel ? count : count + (auditResult.metadata.vulnerabilities[level] || 0)
+ }, 0)
if (vulns > 0) process.exitCode = 1
if (npm.config.get('parseable')) {
return audit.printParseableReport(auditResult)
diff --git a/deps/npm/lib/auth/legacy.js b/deps/npm/lib/auth/legacy.js
index 9aa3696625..8c25df0288 100644
--- a/deps/npm/lib/auth/legacy.js
+++ b/deps/npm/lib/auth/legacy.js
@@ -52,7 +52,7 @@ function login (conf) {
})
.catch((err) => {
if (err.code !== 'EOTP') throw err
- return read.otp('Authenticator provided OTP:').then((otp) => {
+ return read.otp('Enter one-time password from your authenticator app: ').then((otp) => {
conf.auth.otp = otp
const u = conf.creds.username
const p = conf.creds.password
diff --git a/deps/npm/lib/config/defaults.js b/deps/npm/lib/config/defaults.js
index 46eb6ca511..991a2129f6 100644
--- a/deps/npm/lib/config/defaults.js
+++ b/deps/npm/lib/config/defaults.js
@@ -110,6 +110,7 @@ Object.defineProperty(exports, 'defaults', {get: function () {
'always-auth': false,
also: null,
audit: true,
+ 'audit-level': 'low',
'auth-type': 'legacy',
'bin-links': true,
@@ -190,11 +191,12 @@ Object.defineProperty(exports, 'defaults', {get: function () {
'prefer-offline': false,
'prefer-online': false,
prefix: globalPrefix,
+ preid: '',
production: process.env.NODE_ENV === 'production',
'progress': !process.env.TRAVIS && !process.env.CI,
proxy: null,
'https-proxy': null,
- 'no-proxy': null,
+ 'noproxy': null,
'user-agent': 'npm/{npm-version} ' +
'node/{node-version} ' +
'{platform} ' +
@@ -256,6 +258,7 @@ exports.types = {
'always-auth': Boolean,
also: [null, 'dev', 'development'],
audit: Boolean,
+ 'audit-level': ['low', 'moderate', 'high', 'critical'],
'auth-type': ['legacy', 'sso', 'saml', 'oauth'],
'bin-links': Boolean,
browser: [null, String],
@@ -305,8 +308,6 @@ exports.types = {
key: [null, String],
'legacy-bundling': Boolean,
link: Boolean,
- // local-address must be listed as an IP for a local network interface
- // must be IPv4 due to node bug
'local-address': getLocalAddresses(),
loglevel: ['silent', 'error', 'warn', 'notice', 'http', 'timing', 'info', 'verbose', 'silly'],
logstream: Stream,
@@ -317,7 +318,7 @@ exports.types = {
'metrics-registry': [null, String],
'node-options': [null, String],
'node-version': [null, semver],
- 'no-proxy': [null, String, Array],
+ 'noproxy': [null, String, Array],
offline: Boolean,
'onload-script': [null, String],
only: [null, 'dev', 'development', 'prod', 'production'],
@@ -329,6 +330,7 @@ exports.types = {
'prefer-offline': Boolean,
'prefer-online': Boolean,
prefix: path,
+ preid: String,
production: Boolean,
progress: Boolean,
proxy: [null, false, url], // allow proxy to be disabled explicitly
@@ -386,16 +388,9 @@ function getLocalAddresses () {
interfaces = {}
}
- return Object.keys(interfaces).map(function (nic) {
- return interfaces[nic].filter(function (addr) {
- return addr.family === 'IPv4'
- })
- .map(function (addr) {
- return addr.address
- })
- }).reduce(function (curr, next) {
- return curr.concat(next)
- }, []).concat(undefined)
+ return Object.keys(interfaces).map(
+ nic => interfaces[nic].map(({address}) => address)
+ ).reduce((curr, next) => curr.concat(next), []).concat(undefined)
}
exports.shorthands = {
diff --git a/deps/npm/lib/config/get-credentials-by-uri.js b/deps/npm/lib/config/get-credentials-by-uri.js
index 5e672696b2..21926c6865 100644
--- a/deps/npm/lib/config/get-credentials-by-uri.js
+++ b/deps/npm/lib/config/get-credentials-by-uri.js
@@ -34,6 +34,12 @@ function getCredentialsByURI (uri) {
return c
}
+ if (this.get(nerfed + ':-authtoken')) {
+ c.token = this.get(nerfed + ':-authtoken')
+ // the bearer token is enough, don't confuse things
+ return c
+ }
+
// Handle the old-style _auth=<base64> style for the default
// registry, if set.
var authDef = this.get('_auth')
diff --git a/deps/npm/lib/config/pacote.js b/deps/npm/lib/config/pacote.js
index b9c651d883..505b69da37 100644
--- a/deps/npm/lib/config/pacote.js
+++ b/deps/npm/lib/config/pacote.js
@@ -38,7 +38,7 @@ function pacoteOpts (moreOpts) {
preferOnline: npm.config.get('prefer-online') || npm.config.get('cache-max') <= 0,
projectScope: npm.projectScope,
proxy: npm.config.get('https-proxy') || npm.config.get('proxy'),
- noProxy: npm.config.get('no-proxy'),
+ noProxy: npm.config.get('noproxy'),
refer: npm.registry.refer,
registry: npm.config.get('registry'),
retry: {
diff --git a/deps/npm/lib/help.js b/deps/npm/lib/help.js
index 94bbc8d72e..3f70f2dc1f 100644
--- a/deps/npm/lib/help.js
+++ b/deps/npm/lib/help.js
@@ -170,10 +170,10 @@ function npmUsage (valid, cb) {
npm.config.get('long') ? usages()
: ' ' + wrap(commands),
'',
- 'npm <command> -h quick help on <command>',
- 'npm -l display full usage info',
- 'npm help <term> search for help on <term>',
- 'npm help npm involved overview',
+ 'npm <command> -h quick help on <command>',
+ 'npm -l display full usage info',
+ 'npm help <term> search for help on <term>',
+ 'npm help npm involved overview',
'',
'Specify configs in the ini-formatted file:',
' ' + npm.config.get('userconfig'),
diff --git a/deps/npm/lib/install.js b/deps/npm/lib/install.js
index 66f85d80a4..e15bc47919 100644
--- a/deps/npm/lib/install.js
+++ b/deps/npm/lib/install.js
@@ -766,6 +766,9 @@ Installer.prototype.printInstalled = function (cb) {
if (!this.auditSubmission) return
return Bluebird.resolve(this.auditSubmission).timeout(10000).catch(() => null)
}).then((auditResult) => {
+ if (auditResult && !auditResult.metadata) {
+ log.warn('audit', 'Audit result from registry missing metadata. This is probably an issue with the registry.')
+ }
// maybe write audit report w/ hash of pjson & shrinkwrap for later reading by `npm audit`
if (npm.config.get('json')) {
return this.printInstalledForJSON(diffs, auditResult)
@@ -834,7 +837,7 @@ Installer.prototype.printInstalledForHuman = function (diffs, auditResult) {
if (removed) actions.push('removed ' + packages(removed))
if (updated) actions.push('updated ' + packages(updated))
if (moved) actions.push('moved ' + packages(moved))
- if (auditResult && auditResult.metadata.totalDependencies) {
+ if (auditResult && auditResult.metadata && auditResult.metadata.totalDependencies) {
actions.push('audited ' + packages(auditResult.metadata.totalDependencies))
}
if (actions.length === 0) {
diff --git a/deps/npm/lib/install/save.js b/deps/npm/lib/install/save.js
index 8bafcbfc6b..7227e78852 100644
--- a/deps/npm/lib/install/save.js
+++ b/deps/npm/lib/install/save.js
@@ -10,7 +10,7 @@ const moduleName = require('../utils/module-name.js')
const npm = require('../npm.js')
const parseJSON = require('../utils/parse-json.js')
const path = require('path')
-const stringifyPackage = require('../utils/stringify-package')
+const stringifyPackage = require('stringify-package')
const validate = require('aproba')
const without = require('lodash.without')
const writeFileAtomic = require('write-file-atomic')
diff --git a/deps/npm/lib/pack.js b/deps/npm/lib/pack.js
index 93c21ad559..3b3f5b7bbc 100644
--- a/deps/npm/lib/pack.js
+++ b/deps/npm/lib/pack.js
@@ -32,7 +32,7 @@ const tar = require('tar')
const packlist = require('npm-packlist')
const ssri = require('ssri')
-pack.usage = 'npm pack [[<@scope>/]<pkg>...]'
+pack.usage = 'npm pack [[<@scope>/]<pkg>...] [--dry-run]'
// if it can be installed, it can be packed.
pack.completion = install.completion
@@ -68,22 +68,13 @@ function pack_ (pkg, dir) {
: mani.name
const target = `${name}-${mani.version}.tgz`
return pinflight(target, () => {
+ const dryRun = npm.config.get('dry-run')
if (mani._requested.type === 'directory') {
- return cacache.tmp.withTmp(npm.tmp, {tmpPrefix: 'packing'}, (tmp) => {
- const tmpTarget = path.join(tmp, path.basename(target))
- return prepareDirectory(mani._resolved)
- .then(() => {
- return packDirectory(mani, mani._resolved, tmpTarget, target, true)
- })
- .tap(() => {
- if (npm.config.get('dry-run')) {
- log.verbose('pack', '--dry-run mode enabled. Skipping write.')
- } else {
- return move(tmpTarget, target, {Promise: BB, fs})
- }
- })
- })
- } else if (npm.config.get('dry-run')) {
+ return prepareDirectory(mani._resolved)
+ .then(() => {
+ return packDirectory(mani, mani._resolved, target, target, true, dryRun)
+ })
+ } else if (dryRun) {
log.verbose('pack', '--dry-run mode enabled. Skipping write.')
return cacache.tmp.withTmp(npm.tmp, {tmpPrefix: 'packing'}, (tmp) => {
const tmpTarget = path.join(tmp, path.basename(target))
@@ -137,7 +128,7 @@ function prepareDirectory (dir) {
}
module.exports.packDirectory = packDirectory
-function packDirectory (mani, dir, target, filename, logIt) {
+function packDirectory (mani, dir, target, filename, logIt, dryRun) {
deprCheck(mani)
return readJson(path.join(dir, 'package.json')).then((pkg) => {
return lifecycle(pkg, 'prepack', dir)
@@ -165,7 +156,13 @@ function packDirectory (mani, dir, target, filename, logIt) {
.then((files) => tar.create(tarOpt, files.map((f) => `./${f}`)))
.then(() => getContents(pkg, tmpTarget, filename, logIt))
// thread the content info through
- .tap(() => move(tmpTarget, target, {Promise: BB, fs}))
+ .tap(() => {
+ if (dryRun) {
+ log.verbose('pack', '--dry-run mode enabled. Skipping write.')
+ } else {
+ return move(tmpTarget, target, {Promise: BB, fs})
+ }
+ })
.tap(() => lifecycle(pkg, 'postpack', dir))
})
})
diff --git a/deps/npm/lib/profile.js b/deps/npm/lib/profile.js
index 18bc8158eb..ff01db90f7 100644
--- a/deps/npm/lib/profile.js
+++ b/deps/npm/lib/profile.js
@@ -195,7 +195,7 @@ function set (args) {
newUser[prop] = value
return profile.set(newUser, conf).catch((err) => {
if (err.code !== 'EOTP') throw err
- return readUserInfo.otp('Enter OTP: ').then((otp) => {
+ return readUserInfo.otp().then((otp) => {
conf.auth.otp = otp
return profile.set(newUser, conf)
})
@@ -262,7 +262,7 @@ function enable2fa (args) {
return pulseTillDone.withPromise(profile.set({tfa: {password, mode: 'disable'}}, conf))
} else {
if (conf.auth.otp) return
- return readUserInfo.otp('Enter OTP: ').then((otp) => {
+ return readUserInfo.otp('Enter one-time password from your authenticator app: ').then((otp) => {
conf.auth.otp = otp
})
}
diff --git a/deps/npm/lib/publish.js b/deps/npm/lib/publish.js
index bff8e161b1..1ae87d7900 100644
--- a/deps/npm/lib/publish.js
+++ b/deps/npm/lib/publish.js
@@ -20,7 +20,7 @@ const readUserInfo = require('./utils/read-user-info.js')
const semver = require('semver')
const statAsync = BB.promisify(require('graceful-fs').stat)
-publish.usage = 'npm publish [<tarball>|<folder>] [--tag <tag>] [--access <public|restricted>]' +
+publish.usage = 'npm publish [<tarball>|<folder>] [--tag <tag>] [--access <public|restricted>] [--dry-run]' +
"\n\nPublishes '.' if no argument supplied" +
'\n\nSets tag `latest` if no --tag specified'
diff --git a/deps/npm/lib/shrinkwrap.js b/deps/npm/lib/shrinkwrap.js
index 36ca853cef..90a4426523 100644
--- a/deps/npm/lib/shrinkwrap.js
+++ b/deps/npm/lib/shrinkwrap.js
@@ -19,7 +19,7 @@ const npm = require('./npm.js')
const path = require('path')
const readPackageTree = BB.promisify(require('read-package-tree'))
const ssri = require('ssri')
-const stringifyPackage = require('./utils/stringify-package')
+const stringifyPackage = require('stringify-package')
const validate = require('aproba')
const writeFileAtomic = require('write-file-atomic')
const unixFormatPath = require('./utils/unix-format-path.js')
diff --git a/deps/npm/lib/token.js b/deps/npm/lib/token.js
index 8745bf9b0e..d442d37eb8 100644
--- a/deps/npm/lib/token.js
+++ b/deps/npm/lib/token.js
@@ -164,7 +164,7 @@ function rm (args) {
return profile.removeToken(key, conf).catch((ex) => {
if (ex.code !== 'EOTP') throw ex
log.info('token', 'failed because revoking this token requires OTP')
- return readUserInfo.otp('Authenticator provided OTP:').then((otp) => {
+ return readUserInfo.otp().then((otp) => {
conf.auth.otp = otp
return profile.removeToken(key, conf)
})
@@ -192,7 +192,7 @@ function create (args) {
return profile.createToken(password, readonly, validCIDR, conf).catch((ex) => {
if (ex.code !== 'EOTP') throw ex
log.info('token', 'failed because it requires OTP')
- return readUserInfo.otp('Authenticator provided OTP:').then((otp) => {
+ return readUserInfo.otp().then((otp) => {
conf.auth.otp = otp
log.info('token', 'creating with OTP')
return pulseTillDone.withPromise(profile.createToken(password, readonly, validCIDR, conf))
diff --git a/deps/npm/lib/utils/stringify-package.js b/deps/npm/lib/utils/stringify-package.js
deleted file mode 100644
index 0cc9de0a36..0000000000
--- a/deps/npm/lib/utils/stringify-package.js
+++ /dev/null
@@ -1,17 +0,0 @@
-'use strict'
-
-module.exports = stringifyPackage
-
-const DEFAULT_INDENT = 2
-const CRLF = '\r\n'
-const LF = '\n'
-
-function stringifyPackage (data, indent, newline) {
- const json = JSON.stringify(data, null, indent || DEFAULT_INDENT)
-
- if (newline === CRLF) {
- return json.replace(/\n/g, CRLF) + CRLF
- }
-
- return json + LF
-}
diff --git a/deps/npm/lib/version.js b/deps/npm/lib/version.js
index 248f2fa0a1..4439f679b3 100644
--- a/deps/npm/lib/version.js
+++ b/deps/npm/lib/version.js
@@ -15,10 +15,10 @@ const output = require('./utils/output.js')
const parseJSON = require('./utils/parse-json.js')
const path = require('path')
const semver = require('semver')
-const stringifyPackage = require('./utils/stringify-package')
+const stringifyPackage = require('stringify-package')
const writeFileAtomic = require('write-file-atomic')
-version.usage = 'npm version [<newversion> | major | minor | patch | premajor | preminor | prepatch | prerelease | from-git]' +
+version.usage = 'npm version [<newversion> | major | minor | patch | premajor | preminor | prepatch | prerelease [--preid=<prerelease-id>] | from-git]' +
'\n(run in package dir)\n' +
"'npm -v' or 'npm --version' to print npm version " +
'(' + npm.version + ')\n' +
@@ -47,7 +47,7 @@ function version (args, silent, cb_) {
retrieveTagVersion(silent, data, cb_)
} else {
var newVersion = semver.valid(args[0])
- if (!newVersion) newVersion = semver.inc(data.version, args[0])
+ if (!newVersion) newVersion = semver.inc(data.version, args[0], npm.config.get('preid'))
if (!newVersion) return cb_(version.usage)
persistVersion(newVersion, silent, data, cb_)
}
diff --git a/deps/npm/lib/view.js b/deps/npm/lib/view.js
index 88bd97c916..b7d7f6ec80 100644
--- a/deps/npm/lib/view.js
+++ b/deps/npm/lib/view.js
@@ -276,7 +276,7 @@ function prettyView (packument, manifest) {
console.log('')
console.log('dist')
- console.log('.tarball', info.tarball)
+ console.log('.tarball:', info.tarball)
console.log('.shasum:', info.shasum)
info.integrity && console.log('.integrity:', info.integrity)
info.unpackedSize && console.log('.unpackedSize:', info.unpackedSize)
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-14 12:55:02 +0000