From f76903433f438db2822c40ba46451ccc3ec88fc2 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 6 Aug 2019 09:53:43 -0700 Subject: deps: update npm to 6.10.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUGFIXES * [`27cccfbda`](https://github.com/npm/cli/commit/27cccfbdac8526cc807b07f416355949b1372a9b) [#223](https://github.com/npm/cli/pull/223) vulns → vulnerabilities in npm audit output ([@sapegin](https://github.com/sapegin)) * [`d5e865eb7`](https://github.com/npm/cli/commit/d5e865eb79329665a927cc2767b4395c03045dbb) [#222](https://github.com/npm/cli/pull/222) [#226](https://github.com/npm/cli/pull/226) install, doctor: don't crash if registry unset ([@dmitrydvorkin](https://github.com/dmitrydvorkin), [@isaacs](https://github.com/isaacs)) * [`5b3890226`](https://github.com/npm/cli/commit/5b389022652abeb0e1c278a152550eb95bc6c452) [#227](https://github.com/npm/cli/pull/227) [npm.community#9167](https://npm.community/t/npm-err-cb-never-called-permission-denied/9167/5) Handle unhandledRejections, tell user what to do when encountering an `EACCES` error in the cache. ([@isaacs](https://github.com/isaacs)) DEPENDENCIES * [`77516df6e`](https://github.com/npm/cli/commit/77516df6eac94a6d7acb5e9ca06feaa0868d779b) `licensee@7.0.3` ([@isaacs](https://github.com/isaacs)) * [`ceb993590`](https://github.com/npm/cli/commit/ceb993590e4e376a9a78264ce7bb4327fbbb37fe) `query-string@6.8.2` ([@isaacs](https://github.com/isaacs)) * [`4050b9189`](https://github.com/npm/cli/commit/4050b91898c60e9b22998cf82b70b9b822de592a) `hosted-git-info@2.8.2` * [#46](https://github.com/npm/hosted-git-info/issues/46) [#43](https://github.com/npm/hosted-git-info/issues/43) [#47](https://github.com/npm/hosted-git-info/pull/47) [#44](https://github.com/npm/hosted-git-info/pull/44) Add support for GitLab subgroups ([@mterrel](https://github.com/mterrel), [@isaacs](https://github.com/isaacs), [@ybiquitous](https://github.com/ybiquitous)) * [`3b1d629`](https://github.com/npm/hosted-git-info/commit/3b1d629) [#48](https://github.com/npm/hosted-git-info/issues/48) fix http protocol using sshurl by default ([@fengmk2](https://github.com/fengmk2)) * [`5d4a8d7`](https://github.com/npm/hosted-git-info/commit/5d4a8d7) ignore noCommittish on tarball url generation ([@isaacs](https://github.com/isaacs)) * [`1692435`](https://github.com/npm/hosted-git-info/commit/1692435) use gist tarball url that works for anonymous gists ([@isaacs](https://github.com/isaacs)) * [`d5cf830`](https://github.com/npm/hosted-git-info/commit/d5cf8309be7af884032616c63ea302ce49dd321c) Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs)) * [`e518222`](https://github.com/npm/hosted-git-info/commit/e5182224351183ce619dd5ef00019ae700ed37b7) Use LRU cache to prevent unbounded memory consumption ([@iarna](https://github.com/iarna)) PR-URL: https://github.com/nodejs/node/pull/29023 Reviewed-By: Jiawen Geng Reviewed-By: Rich Trott --- deps/npm/lib/audit.js | 2 +- deps/npm/lib/config/fetch-opts.js | 77 ------------------------------ deps/npm/lib/doctor.js | 2 +- deps/npm/lib/install/diff-trees.js | 2 +- deps/npm/lib/install/inflate-shrinkwrap.js | 2 +- deps/npm/lib/shrinkwrap.js | 2 +- deps/npm/lib/utils/error-handler.js | 7 +-- deps/npm/lib/utils/error-message.js | 49 ++++++++++++++----- 8 files changed, 46 insertions(+), 97 deletions(-) delete mode 100644 deps/npm/lib/config/fetch-opts.js (limited to 'deps/npm/lib') diff --git a/deps/npm/lib/audit.js b/deps/npm/lib/audit.js index c86566403a..7b694c13c5 100644 --- a/deps/npm/lib/audit.js +++ b/deps/npm/lib/audit.js @@ -277,7 +277,7 @@ function auditCmd (args, cb) { output(` ${actions.review.size} vulnerabilit${actions.review.size === 1 ? 'y' : 'ies'} required manual review and could not be updated`) } if (actions.major.size) { - output(` ${actions.major.size} package update${actions.major.size === 1 ? '' : 's'} for ${actions.majorFixes.size} vuln${actions.majorFixes.size === 1 ? '' : 's'} involved breaking changes`) + output(` ${actions.major.size} package update${actions.major.size === 1 ? '' : 's'} for ${actions.majorFixes.size} vulnerabilit${actions.majorFixes.size === 1 ? 'y' : 'ies'} involved breaking changes`) if (installMajor) { output(' (installed due to `--force` option)') } else { diff --git a/deps/npm/lib/config/fetch-opts.js b/deps/npm/lib/config/fetch-opts.js deleted file mode 100644 index 213c293d6c..0000000000 --- a/deps/npm/lib/config/fetch-opts.js +++ /dev/null @@ -1,77 +0,0 @@ -'use strict' - -const url = require('url') - -module.exports.fromPacote = fromPacote - -function fromPacote (opts) { - return { - cache: getCacheMode(opts), - cacheManager: opts.cache, - ca: opts.ca, - cert: opts.cert, - headers: getHeaders('', opts.registry, opts), - key: opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - proxy: opts.proxy, - referer: opts.refer, - retry: opts.retry, - strictSSL: !!opts.strictSSL, - timeout: opts.timeout, - uid: opts.uid, - gid: opts.gid - } -} - -function getCacheMode (opts) { - return opts.offline - ? 'only-if-cached' - : opts.preferOffline - ? 'force-cache' - : opts.preferOnline - ? 'no-cache' - : 'default' -} - -function getHeaders (uri, registry, opts) { - const headers = Object.assign({ - 'npm-in-ci': opts.isFromCI, - 'npm-scope': opts.projectScope, - 'npm-session': opts.npmSession, - 'user-agent': opts.userAgent, - 'referer': opts.refer - }, opts.headers) - // check for auth settings specific to this registry - let auth = ( - opts.auth && - opts.auth[registryKey(registry)] - ) || opts.auth - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - const shouldAuth = auth && ( - auth.alwaysAuth || - url.parse(uri).host === url.parse(registry).host - ) - if (shouldAuth && auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (shouldAuth && auth.username && auth.password) { - const encoded = Buffer.from( - `${auth.username}:${auth.password}`, 'utf8' - ).toString('base64') - headers.authorization = `Basic ${encoded}` - } else if (shouldAuth && auth._auth) { - headers.authorization = `Basic ${auth._auth}` - } - return headers -} - -function registryKey (registry) { - const parsed = url.parse(registry) - const formatted = url.format({ - host: parsed.host, - pathname: parsed.pathname, - slashes: parsed.slashes - }) - return url.resolve(formatted, '.') -} diff --git a/deps/npm/lib/doctor.js b/deps/npm/lib/doctor.js index 95ede1bc87..96094e6346 100644 --- a/deps/npm/lib/doctor.js +++ b/deps/npm/lib/doctor.js @@ -87,7 +87,7 @@ function makePretty (p) { const cacheStatus = p[8] ? `verified ${p[8].verifiedContent} tarballs` : 'notOk' const npmV = npm.version const nodeV = process.version.replace('v', '') - const registry = npm.config.get('registry') + const registry = npm.config.get('registry') || '' const list = [ ['npm ping', ping], ['npm -v', 'v' + npmV], diff --git a/deps/npm/lib/install/diff-trees.js b/deps/npm/lib/install/diff-trees.js index 346846fdc0..147aa9b8e7 100644 --- a/deps/npm/lib/install/diff-trees.js +++ b/deps/npm/lib/install/diff-trees.js @@ -11,7 +11,7 @@ var moduleName = require('../utils/module-name.js') var isOnlyOptional = require('./is-only-optional.js') // we don't use get-requested because we're operating on files on disk, and -// we don't want to extropolate from what _should_ be there. +// we don't want to extrapolate from what _should_ be there. function pkgRequested (pkg) { return pkg._requested || (pkg._resolved && npa(pkg._resolved)) || (pkg._from && npa(pkg._from)) } diff --git a/deps/npm/lib/install/inflate-shrinkwrap.js b/deps/npm/lib/install/inflate-shrinkwrap.js index 395cc11191..5da9418bbd 100644 --- a/deps/npm/lib/install/inflate-shrinkwrap.js +++ b/deps/npm/lib/install/inflate-shrinkwrap.js @@ -74,7 +74,7 @@ function quotemeta (str) { } function tarballToVersion (name, tb) { - const registry = quotemeta(npm.config.get('registry')) + const registry = quotemeta(npm.config.get('registry') || '') .replace(/https?:/, 'https?:') .replace(/([^/])$/, '$1/') let matchRegTarball diff --git a/deps/npm/lib/shrinkwrap.js b/deps/npm/lib/shrinkwrap.js index bd8c0abbaa..35e063d447 100644 --- a/deps/npm/lib/shrinkwrap.js +++ b/deps/npm/lib/shrinkwrap.js @@ -121,7 +121,7 @@ function shrinkwrapDeps (deps, top, tree, seen) { if (isRegistry(requested)) { pkginfo.resolved = child.package._resolved } - // no integrity for git deps as integirty hashes are based on the + // no integrity for git deps as integrity hashes are based on the // tarball and we can't (yet) create consistent tarballs from a stable // source. if (requested.type !== 'git') { diff --git a/deps/npm/lib/utils/error-handler.js b/deps/npm/lib/utils/error-handler.js index 7cb43be290..39e0035c27 100644 --- a/deps/npm/lib/utils/error-handler.js +++ b/deps/npm/lib/utils/error-handler.js @@ -187,11 +187,12 @@ function errorHandler (er) { log.verbose('npm ', 'v' + npm.version) ;[ + 'code', + 'syscall', 'file', 'path', - 'code', - 'errno', - 'syscall' + 'dest', + 'errno' ].forEach(function (k) { var v = er[k] if (v) log.error(k, v) diff --git a/deps/npm/lib/utils/error-message.js b/deps/npm/lib/utils/error-message.js index bf5d65c0df..ea8b05938c 100644 --- a/deps/npm/lib/utils/error-message.js +++ b/deps/npm/lib/utils/error-message.js @@ -2,6 +2,7 @@ var npm = require('../npm.js') var util = require('util') var nameValidator = require('validate-npm-package-name') +var npmlog = require('npmlog') module.exports = errorMessage @@ -33,18 +34,42 @@ function errorMessage (er) { case 'EACCES': case 'EPERM': - short.push(['', er]) - detail.push([ - '', - [ - '\nThe operation was rejected by your operating system.', - (process.platform === 'win32' - ? 'It\'s possible that the file was already in use (by a text editor or antivirus),\nor that you lack permissions to access it.' - : 'It is likely you do not have the permissions to access this file as the current user'), - '\nIf you believe this might be a permissions issue, please double-check the', - 'permissions of the file and its containing directories, or try running', - 'the command again as root/Administrator (though this is not recommended).' - ].join('\n')]) + const isCachePath = typeof er.path === 'string' && + er.path.startsWith(npm.config.get('cache')) + const isCacheDest = typeof er.dest === 'string' && + er.dest.startsWith(npm.config.get('cache')) + + const isWindows = process.platform === 'win32' + + if (!isWindows && (isCachePath || isCacheDest)) { + // user probably doesn't need this, but still add it to the debug log + npmlog.verbose(er.stack) + short.push([ + '', + [ + '', + 'Your cache folder contains root-owned files, due to a bug in', + 'previous versions of npm which has since been addressed.', + '', + 'To permanently fix this problem, please run:', + ` sudo chown -R ${process.getuid()}:${process.getgid()} ${JSON.stringify(npm.config.get('cache'))}` + ].join('\n') + ]) + } else { + short.push(['', er]) + detail.push([ + '', + [ + '\nThe operation was rejected by your operating system.', + (process.platform === 'win32' + ? 'It\'s possible that the file was already in use (by a text editor or antivirus),\n' + + 'or that you lack permissions to access it.' + : 'It is likely you do not have the permissions to access this file as the current user'), + '\nIf you believe this might be a permissions issue, please double-check the', + 'permissions of the file and its containing directories, or try running', + 'the command again as root/Administrator.' + ].join('\n')]) + } break case 'ELIFECYCLE': -- cgit v1.2.3