Diffstat (limited to 'deps/npm/lib')
-rw-r--r-- | deps/npm/lib/audit.js | 13 | ||||
-rw-r--r-- | deps/npm/lib/auth/legacy.js | 2 | ||||
-rw-r--r-- | deps/npm/lib/config/defaults.js | 23 | ||||
-rw-r--r-- | deps/npm/lib/config/get-credentials-by-uri.js | 6 | ||||
-rw-r--r-- | deps/npm/lib/config/pacote.js | 2 | ||||
-rw-r--r-- | deps/npm/lib/help.js | 8 | ||||
-rw-r--r-- | deps/npm/lib/install.js | 5 | ||||
-rw-r--r-- | deps/npm/lib/install/save.js | 2 | ||||
-rw-r--r-- | deps/npm/lib/pack.js | 33 | ||||
-rw-r--r-- | deps/npm/lib/profile.js | 4 | ||||
-rw-r--r-- | deps/npm/lib/publish.js | 2 | ||||
-rw-r--r-- | deps/npm/lib/shrinkwrap.js | 2 | ||||
-rw-r--r-- | deps/npm/lib/token.js | 4 | ||||
-rw-r--r-- | deps/npm/lib/utils/stringify-package.js | 17 | ||||
-rw-r--r-- | deps/npm/lib/version.js | 6 | ||||
-rw-r--r-- | deps/npm/lib/view.js | 2 |
16 files changed, 58 insertions, 73 deletions
diff --git a/deps/npm/lib/audit.js b/deps/npm/lib/audit.js index 231b65d7b6..06852610e6 100644 --- a/deps/npm/lib/audit.js +++ b/deps/npm/lib/audit.js @@ -249,18 +249,19 @@ function auditCmd (args, cb) { if (installMajor) { output(' (installed due to `--force` option)') } else { - output(' (use `npm audit fix --force` to install breaking changes; or do it by hand)') + output(' (use `npm audit fix --force` to install breaking changes;' + + ' or refer to `npm audit` for steps to fix these manually)') } } } }) }) } else { - const vulns = - auditResult.metadata.vulnerabilities.low + - auditResult.metadata.vulnerabilities.moderate + - auditResult.metadata.vulnerabilities.high + - auditResult.metadata.vulnerabilities.critical + const levels = ['low', 'moderate', 'high', 'critical'] + const minLevel = levels.indexOf(npm.config.get('audit-level')) + const vulns = levels.reduce((count, level, i) => { + return i < minLevel ? count : count + (auditResult.metadata.vulnerabilities[level] || 0) + }, 0) if (vulns > 0) process.exitCode = 1 if (npm.config.get('parseable')) { return audit.printParseableReport(auditResult) diff --git a/deps/npm/lib/auth/legacy.js b/deps/npm/lib/auth/legacy.js index 9aa3696625..8c25df0288 100644 --- a/deps/npm/lib/auth/legacy.js +++ b/deps/npm/lib/auth/legacy.js @@ -52,7 +52,7 @@ function login (conf) { }) .catch((err) => { if (err.code !== 'EOTP') throw err - return read.otp('Authenticator provided OTP:').then((otp) => { + return read.otp('Enter one-time password from your authenticator app: ').then((otp) => { conf.auth.otp = otp const u = conf.creds.username const p = conf.creds.password diff --git a/deps/npm/lib/config/defaults.js b/deps/npm/lib/config/defaults.js index 46eb6ca511..991a2129f6 100644 --- a/deps/npm/lib/config/defaults.js +++ b/deps/npm/lib/config/defaults.js 
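Review bot: The new reduce in auditCmd reads `auditResult.metadata.vulnerabilities[level]` with no check that `metadata` is present, although the install.js change in this same commit treats a registry response without metadata as a case that occurs. If such a response can reach this branch it throws before `process.exitCode` is set. A guard should report the missing metadata as an error rather than default the counts to zero, since zero would make a failed audit look clean to a CI job. Above the `minLevel` line I would add `// indexOf gives -1 for an unrecognised audit-level, so every severity is counted; findings below the threshold no longer affect the exit code`. auditCmd starts and ends outside the hunk.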
@@ -110,6 +110,7 @@ Object.defineProperty(exports, 'defaults', {get: function () { 'always-auth': false, also: null, audit: true, + 'audit-level': 'low', 'auth-type': 'legacy', 'bin-links': true, @@ -190,11 +191,12 @@ Object.defineProperty(exports, 'defaults', {get: function () { 'prefer-offline': false, 'prefer-online': false, prefix: globalPrefix, + preid: '', production: process.env.NODE_ENV === 'production', 'progress': !process.env.TRAVIS && !process.env.CI, proxy: null, 'https-proxy': null, - 'no-proxy': null, + 'noproxy': null, 'user-agent': 'npm/{npm-version} ' + 'node/{node-version} ' + '{platform} ' + @@ -256,6 +258,7 @@ exports.types = { 'always-auth': Boolean, also: [null, 'dev', 'development'], audit: Boolean, + 'audit-level': ['low', 'moderate', 'high', 'critical'], 'auth-type': ['legacy', 'sso', 'saml', 'oauth'], 'bin-links': Boolean, browser: [null, String], @@ -305,8 +308,6 @@ exports.types = { key: [null, String], 'legacy-bundling': Boolean, link: Boolean, - // local-address must be listed as an IP for a local network interface - // must be IPv4 due to node bug 'local-address': getLocalAddresses(), loglevel: ['silent', 'error', 'warn', 'notice', 'http', 'timing', 'info', 'verbose', 'silly'], logstream: Stream, @@ -317,7 +318,7 @@ exports.types = { 'metrics-registry': [null, String], 'node-options': [null, String], 'node-version': [null, semver], - 'no-proxy': [null, String, Array], + 'noproxy': [null, String, Array], offline: Boolean, 'onload-script': [null, String], only: [null, 'dev', 'development', 'prod', 'production'], @@ -329,6 +330,7 @@ exports.types = { 'prefer-offline': Boolean, 'prefer-online': Boolean, prefix: path, + preid: String, production: Boolean, progress: Boolean, proxy: [null, false, url], // allow proxy to be disabled explicitly 
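Review bot: Renaming the key from `'no-proxy'` to `'noproxy'` (in the defaults hunk at -190, in `exports.types` at -317, and in pacoteOpts in config/pacote.js) leaves no visible path for an existing `no-proxy` entry in a user's npmrc. After upgrading, hosts that were meant to bypass the proxy would be sent through it without any message, which matters where the exclusion list keeps internal registry traffic away from an outbound proxy. If the config layer still returns untyped keys (not visible here), a fallback such as `noProxy: npm.config.get('noproxy') || npm.config.get('no-proxy'),` in pacoteOpts, together with a deprecation warning, would keep the old setting effective.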
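Review bot: The hunk at -305 deletes both comment lines above `'local-address': getLocalAddresses()`, but only the IPv4 restriction is lifted by the getLocalAddresses change later in this file. The accepted values are still limited to addresses of local interfaces. I would keep one line, `// local-address must be an address of a local network interface (IPv4 or IPv6)`, so the reason for a computed type list stays documented.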
@@ -386,16 +388,9 @@ function getLocalAddresses () { interfaces = {} } - return Object.keys(interfaces).map(function (nic) { - return interfaces[nic].filter(function (addr) { - return addr.family === 'IPv4' - }) - .map(function (addr) { - return addr.address - }) - }).reduce(function (curr, next) { - return curr.concat(next) - }, []).concat(undefined) + return Object.keys(interfaces).map( + nic => interfaces[nic].map(({address}) => address) + ).reduce((curr, next) => curr.concat(next), []).concat(undefined) } exports.shorthands = { diff --git a/deps/npm/lib/config/get-credentials-by-uri.js b/deps/npm/lib/config/get-credentials-by-uri.js index 5e672696b2..21926c6865 100644 --- a/deps/npm/lib/config/get-credentials-by-uri.js +++ b/deps/npm/lib/config/get-credentials-by-uri.js @@ -34,6 +34,12 @@ function getCredentialsByURI (uri) { return c } + if (this.get(nerfed + ':-authtoken')) { + c.token = this.get(nerfed + ':-authtoken') + // the bearer token is enough, don't confuse things + return c + } + // Handle the old-style _auth=<base64> style for the default // registry, if set. var authDef = this.get('_auth') diff --git a/deps/npm/lib/config/pacote.js b/deps/npm/lib/config/pacote.js index b9c651d883..505b69da37 100644 --- a/deps/npm/lib/config/pacote.js +++ b/deps/npm/lib/config/pacote.js @@ -38,7 +38,7 @@ function pacoteOpts (moreOpts) { preferOnline: npm.config.get('prefer-online') || npm.config.get('cache-max') <= 0, projectScope: npm.projectScope, proxy: npm.config.get('https-proxy') || npm.config.get('proxy'), - noProxy: npm.config.get('no-proxy'), + noProxy: npm.config.get('noproxy'), refer: npm.registry.refer, registry: npm.config.get('registry'), retry: { diff --git a/deps/npm/lib/help.js b/deps/npm/lib/help.js index 94bbc8d72e..3f70f2dc1f 100644 --- a/deps/npm/lib/help.js +++ b/deps/npm/lib/help.js 
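Review bot: The new branch in getCredentialsByURI looks up `this.get(nerfed + ':-authtoken')` twice, and its comment does not say why a second spelling of the token key is accepted. Read it once, `var altToken = this.get(nerfed + ':-authtoken')` followed by `if (altToken) { c.token = altToken; return c }`. Then state the origin and precedence in the comment, for example `// ':-authtoken' is presumably how ':_authToken' arrives after env-var key normalisation; the branch above is checked first`. Because this returns a bearer credential, a reader should be able to see at a glance that it is scoped to the same nerfed registry URI as the existing lookup. The function starts and ends outside the hunk.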
@@ -170,10 +170,10 @@ function npmUsage (valid, cb) { npm.config.get('long') ? usages() : ' ' + wrap(commands), '', - 'npm <command> -h quick help on <command>', - 'npm -l display full usage info', - 'npm help <term> search for help on <term>', - 'npm help npm involved overview', + 'npm <command> -h quick help on <command>', + 'npm -l display full usage info', + 'npm help <term> search for help on <term>', + 'npm help npm involved overview', '', 'Specify configs in the ini-formatted file:', ' ' + npm.config.get('userconfig'), diff --git a/deps/npm/lib/install.js b/deps/npm/lib/install.js index 66f85d80a4..e15bc47919 100644 --- a/deps/npm/lib/install.js +++ b/deps/npm/lib/install.js @@ -766,6 +766,9 @@ Installer.prototype.printInstalled = function (cb) { if (!this.auditSubmission) return return Bluebird.resolve(this.auditSubmission).timeout(10000).catch(() => null) }).then((auditResult) => { + if (auditResult && !auditResult.metadata) { + log.warn('audit', 'Audit result from registry missing metadata. This is probably an issue with the registry.') + } // maybe write audit report w/ hash of pjson & shrinkwrap for later reading by `npm audit` if (npm.config.get('json')) { return this.printInstalledForJSON(diffs, auditResult) @@ -834,7 +837,7 @@ Installer.prototype.printInstalledForHuman = function (diffs, auditResult) { if (removed) actions.push('removed ' + packages(removed)) if (updated) actions.push('updated ' + packages(updated)) if (moved) actions.push('moved ' + packages(moved)) - if (auditResult && auditResult.metadata.totalDependencies) { + if (auditResult && auditResult.metadata && auditResult.metadata.totalDependencies) { actions.push('audited ' + packages(auditResult.metadata.totalDependencies)) } if (actions.length === 0) { diff --git a/deps/npm/lib/install/save.js b/deps/npm/lib/install/save.js index 8bafcbfc6b..7227e78852 100644 --- a/deps/npm/lib/install/save.js +++ b/deps/npm/lib/install/save.js 
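Review bot: After the new warning in printInstalled, the metadata-less `auditResult` is still passed on to `printInstalledForJSON` and `printInstalledForHuman`, and only the `totalDependencies` read in the second hunk is guarded. Any other read of `auditResult.metadata` outside these hunks may still throw. Normalising once at the point of detection is simpler: add `auditResult = null` after the `log.warn(...)` line inside the new `if`. The visible guard in printInstalledForHuman already tolerates a falsy result, but whether the JSON path does is not shown here. Both functions continue outside the hunks.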
@@ -10,7 +10,7 @@ const moduleName = require('../utils/module-name.js') const npm = require('../npm.js') const parseJSON = require('../utils/parse-json.js') const path = require('path') -const stringifyPackage = require('../utils/stringify-package') +const stringifyPackage = require('stringify-package') const validate = require('aproba') const without = require('lodash.without') const writeFileAtomic = require('write-file-atomic') diff --git a/deps/npm/lib/pack.js b/deps/npm/lib/pack.js index 93c21ad559..3b3f5b7bbc 100644 --- a/deps/npm/lib/pack.js +++ b/deps/npm/lib/pack.js @@ -32,7 +32,7 @@ const tar = require('tar') const packlist = require('npm-packlist') const ssri = require('ssri') -pack.usage = 'npm pack [[<@scope>/]<pkg>...]' +pack.usage = 'npm pack [[<@scope>/]<pkg>...] [--dry-run]' // if it can be installed, it can be packed. pack.completion = install.completion @@ -68,22 +68,13 @@ function pack_ (pkg, dir) { : mani.name const target = `${name}-${mani.version}.tgz` return pinflight(target, () => { + const dryRun = npm.config.get('dry-run') if (mani._requested.type === 'directory') { - return cacache.tmp.withTmp(npm.tmp, {tmpPrefix: 'packing'}, (tmp) => { - const tmpTarget = path.join(tmp, path.basename(target)) - return prepareDirectory(mani._resolved) - .then(() => { - return packDirectory(mani, mani._resolved, tmpTarget, target, true) - }) - .tap(() => { - if (npm.config.get('dry-run')) { - log.verbose('pack', '--dry-run mode enabled. Skipping write.') - } else { - return move(tmpTarget, target, {Promise: BB, fs}) - } - }) - }) - } else if (npm.config.get('dry-run')) { + return prepareDirectory(mani._resolved) + .then(() => { + return packDirectory(mani, mani._resolved, target, target, true, dryRun) + }) + } else if (dryRun) { log.verbose('pack', '--dry-run mode enabled. Skipping write.') return cacache.tmp.withTmp(npm.tmp, {tmpPrefix: 'packing'}, (tmp) => { const tmpTarget = path.join(tmp, path.basename(target)) 
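Review bot: `require('stringify-package')` in save.js now resolves a separately published package in place of the 17-line in-tree helper this commit deletes, and the same swap is made in shrinkwrap.js and version.js. This view is limited to deps/npm/lib, so the bundled copy and its version pin are not visible. Please confirm that the same commit adds the package under npm's bundled dependencies with a pinned version. Also confirm that its `(data, indent, newline)` behaviour matches the removed helper, including the CRLF branch and the `indent || DEFAULT_INDENT` default, since it writes package.json and the lockfiles.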
@@ -137,7 +128,7 @@ function prepareDirectory (dir) { } module.exports.packDirectory = packDirectory -function packDirectory (mani, dir, target, filename, logIt) { +function packDirectory (mani, dir, target, filename, logIt, dryRun) { deprCheck(mani) return readJson(path.join(dir, 'package.json')).then((pkg) => { return lifecycle(pkg, 'prepack', dir) @@ -165,7 +156,13 @@ function packDirectory (mani, dir, target, filename, logIt) { .then((files) => tar.create(tarOpt, files.map((f) => `./${f}`))) .then(() => getContents(pkg, tmpTarget, filename, logIt)) // thread the content info through - .tap(() => move(tmpTarget, target, {Promise: BB, fs})) + .tap(() => { + if (dryRun) { + log.verbose('pack', '--dry-run mode enabled. Skipping write.') + } else { + return move(tmpTarget, target, {Promise: BB, fs}) + } + }) .tap(() => lifecycle(pkg, 'postpack', dir)) }) }) diff --git a/deps/npm/lib/profile.js b/deps/npm/lib/profile.js index 18bc8158eb..ff01db90f7 100644 --- a/deps/npm/lib/profile.js +++ b/deps/npm/lib/profile.js @@ -195,7 +195,7 @@ function set (args) { newUser[prop] = value return profile.set(newUser, conf).catch((err) => { if (err.code !== 'EOTP') throw err - return readUserInfo.otp('Enter OTP: ').then((otp) => { + return readUserInfo.otp().then((otp) => { conf.auth.otp = otp return profile.set(newUser, conf) }) @@ -262,7 +262,7 @@ function enable2fa (args) { return pulseTillDone.withPromise(profile.set({tfa: {password, mode: 'disable'}}, conf)) } else { if (conf.auth.otp) return - return readUserInfo.otp('Enter OTP: ').then((otp) => { + return readUserInfo.otp('Enter one-time password from your authenticator app: ').then((otp) => { conf.auth.otp = otp }) } diff --git a/deps/npm/lib/publish.js b/deps/npm/lib/publish.js index bff8e161b1..1ae87d7900 100644 --- a/deps/npm/lib/publish.js +++ b/deps/npm/lib/publish.js 
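Review bot: With `dryRun` set, packDirectory skips only the final `move`. The `lifecycle(pkg, 'prepack', dir)` and `lifecycle(pkg, 'postpack', dir)` calls visible in these two hunks still run, as does `prepareDirectory` in pack_, and the tarball is still built at `tmpTarget`. So `npm pack --dry-run` executes the package's scripts, which someone inspecting an unfamiliar checkout would not expect from the flag name. If that is intended, say so where the user sees it, for example `log.verbose('pack', '--dry-run mode enabled. Skipping write; lifecycle scripts still run.')`. The new sixth parameter also needs a doc comment noting that exported callers who omit `dryRun` keep the write. packDirectory's body extends beyond both hunks.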
@@ -20,7 +20,7 @@ const readUserInfo = require('./utils/read-user-info.js') const semver = require('semver') const statAsync = BB.promisify(require('graceful-fs').stat) -publish.usage = 'npm publish [<tarball>|<folder>] [--tag <tag>] [--access <public|restricted>]' + +publish.usage = 'npm publish [<tarball>|<folder>] [--tag <tag>] [--access <public|restricted>] [--dry-run]' + "\n\nPublishes '.' if no argument supplied" + '\n\nSets tag `latest` if no --tag specified' diff --git a/deps/npm/lib/shrinkwrap.js b/deps/npm/lib/shrinkwrap.js index 36ca853cef..90a4426523 100644 --- a/deps/npm/lib/shrinkwrap.js +++ b/deps/npm/lib/shrinkwrap.js @@ -19,7 +19,7 @@ const npm = require('./npm.js') const path = require('path') const readPackageTree = BB.promisify(require('read-package-tree')) const ssri = require('ssri') -const stringifyPackage = require('./utils/stringify-package') +const stringifyPackage = require('stringify-package') const validate = require('aproba') const writeFileAtomic = require('write-file-atomic') const unixFormatPath = require('./utils/unix-format-path.js') diff --git a/deps/npm/lib/token.js b/deps/npm/lib/token.js index 8745bf9b0e..d442d37eb8 100644 --- a/deps/npm/lib/token.js +++ b/deps/npm/lib/token.js @@ -164,7 +164,7 @@ function rm (args) { return profile.removeToken(key, conf).catch((ex) => { if (ex.code !== 'EOTP') throw ex log.info('token', 'failed because revoking this token requires OTP') - return readUserInfo.otp('Authenticator provided OTP:').then((otp) => { + return readUserInfo.otp().then((otp) => { conf.auth.otp = otp return profile.removeToken(key, conf) }) 
@@ -192,7 +192,7 @@ function create (args) { return profile.createToken(password, readonly, validCIDR, conf).catch((ex) => { if (ex.code !== 'EOTP') throw ex log.info('token', 'failed because it requires OTP') - return readUserInfo.otp('Authenticator provided OTP:').then((otp) => { + return readUserInfo.otp().then((otp) => { conf.auth.otp = otp log.info('token', 'creating with OTP') return pulseTillDone.withPromise(profile.createToken(password, readonly, validCIDR, conf)) diff --git a/deps/npm/lib/utils/stringify-package.js b/deps/npm/lib/utils/stringify-package.js deleted file mode 100644 index 0cc9de0a36..0000000000 --- a/deps/npm/lib/utils/stringify-package.js +++ /dev/null @@ -1,17 +0,0 @@ -'use strict' - -module.exports = stringifyPackage - -const DEFAULT_INDENT = 2 -const CRLF = '\r\n' -const LF = '\n' - -function stringifyPackage (data, indent, newline) { - const json = JSON.stringify(data, null, indent || DEFAULT_INDENT) - - if (newline === CRLF) { - return json.replace(/\n/g, CRLF) + CRLF - } - - return json + LF -} diff --git a/deps/npm/lib/version.js b/deps/npm/lib/version.js index 248f2fa0a1..4439f679b3 100644 --- a/deps/npm/lib/version.js +++ b/deps/npm/lib/version.js @@ -15,10 +15,10 @@ const output = require('./utils/output.js') const parseJSON = require('./utils/parse-json.js') const path = require('path') const semver = require('semver') -const stringifyPackage = require('./utils/stringify-package') +const stringifyPackage = require('stringify-package') const writeFileAtomic = require('write-file-atomic') -version.usage = 'npm version [<newversion> | major | minor | patch | premajor | preminor | prepatch | prerelease | from-git]' + +version.usage = 'npm version [<newversion> | major | minor | patch | premajor | preminor | prepatch | prerelease [--preid=<prerelease-id>] | from-git]' + '\n(run in package dir)\n' + "'npm -v' or 'npm --version' to print npm version " + '(' + npm.version + ')\n' + 
@@ -47,7 +47,7 @@ function version (args, silent, cb_) { retrieveTagVersion(silent, data, cb_) } else { var newVersion = semver.valid(args[0]) - if (!newVersion) newVersion = semver.inc(data.version, args[0]) + if (!newVersion) newVersion = semver.inc(data.version, args[0], npm.config.get('preid')) if (!newVersion) return cb_(version.usage) persistVersion(newVersion, silent, data, cb_) } diff --git a/deps/npm/lib/view.js b/deps/npm/lib/view.js index 88bd97c916..b7d7f6ec80 100644 --- a/deps/npm/lib/view.js +++ b/deps/npm/lib/view.js @@ -276,7 +276,7 @@ function prettyView (packument, manifest) { console.log('') console.log('dist') - console.log('.tarball', info.tarball) + console.log('.tarball:', info.tarball) console.log('.shasum:', info.shasum) info.integrity && console.log('.integrity:', info.integrity) info.unpackedSize && console.log('.unpackedSize:', info.unpackedSize) |