From a35b32ec1e07cc25ca67b5718b5332b5a3bedad6 Mon Sep 17 00:00:00 2001
From: Ruy Adorno Description
the results to only the paths to the packages named. Note that nested
packages will also show the paths to the specified packages. For
example, running npm ls promzard
in npm’s source tree will show:
npm@7.4.2 /path/to/npm
+npm@7.4.3 /path/to/npm
└─┬ init-package-json@0.0.4
└── promzard@0.1.5
diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index 4533f7947f40f0..03d4c92821011c 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -141,14 +141,14 @@ npm
Table of contents
-
+
Synopsis
npm <command> [args]
Version
-7.4.2
+7.4.3
Description
npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
@@ -246,19 +246,10 @@
Configuration
Contributions
Patches welcome!
If you would like to contribute, but don’t know what to work on, read
-the contributing guidelines and check the issues list.
-
+the contributing guidelines
+and check the issues list.
Bugs
-When you find issues, please report them:
-
-- web:
-https://github.com/npm/npm/issues
-- archived web:
-https://npm.community/c/bugs
-
+When you find issues, please report them: https://github.com/npm/cli/issues
Be sure to follow the template and bug reporting guidelines.
Feature Requests
Discuss new feature ideas on our discussion forum:
@@ -269,11 +260,6 @@ Feature Requests
-Author
-Isaac Z. Schlueter ::
-isaacs ::
-@izs ::
-i@izs.me
See Also
- npm help
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index 694cd576a44229..0a90b749529343 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
.P
.RS 2
.nf
-npm@7\.4\.2 /path/to/npm
+npm@7\.4\.3 /path/to/npm
└─┬ init\-package\-json@0\.0\.4
└── promzard@0\.1\.5
.fi
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index c94fb2515ccb17..a75dc70db92309 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -10,7 +10,7 @@ npm [args]
.RE
.SS Version
.P
-7\.4\.2
+7\.4\.3
.SS Description
.P
npm is the package manager for the Node JavaScript platform\. It puts
@@ -141,26 +141,11 @@ See npm help \fBconfig\fP for much much more information\.
Patches welcome!
.P
If you would like to contribute, but don't know what to work on, read
-the contributing guidelines and check the issues list\.
-.RS 0
-.IP \(bu 2
-CONTRIBUTING\.md \fIhttps://github\.com/npm/cli/blob/latest/CONTRIBUTING\.md\fR
-.IP \(bu 2
-Bug tracker \fIhttps://github\.com/npm/cli/issues\fR
-
-.RE
+the contributing guidelines \fIhttps://github\.com/npm/cli/blob/latest/CONTRIBUTING\.md\fR
+and check the issues list\.
.SS Bugs
.P
-When you find issues, please report them:
-.RS 0
-.IP \(bu 2
-web:
-https://github\.com/npm/npm/issues
-.IP \(bu 2
-archived web:
-https://npm\.community/c/bugs
-
-.RE
+When you find issues, please report them: https://github\.com/npm/cli/issues
.P
Be sure to follow the template and bug reporting guidelines\.
.SS Feature Requests
@@ -178,12 +163,6 @@ Or suggest formal RFC proposals:
https://github\.com/npm/rfcs
.RE
-.SS Author
-.P
-Isaac Z\. Schlueter \fIhttp://blog\.izs\.me/\fR ::
-isaacs \fIhttps://github\.com/isaacs/\fR ::
-@izs \fIhttps://twitter\.com/izs\fR ::
-i@izs\.me
.SS See Also
.RS 0
.IP \(bu 2
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
index 5375b6df4c02c5..d916b49c22c018 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
@@ -830,9 +830,14 @@ module.exports = cls => class Reifier extends cls {
const pname = child.package.name
const alias = name !== pname
updateDepSpec(pkg, name, (alias ? `npm:${pname}@` : '') + range)
- } else if (req.hosted)
- updateDepSpec(pkg, name, req.hosted.shortcut({ noCommittish: false }))
- else
+ } else if (req.hosted) {
+ // save the git+https url if it has auth, otherwise shortcut
+ const h = req.hosted
+ const opt = { noCommittish: false }
+ const save = h.https && h.auth ? `git+${h.https(opt)}`
+ : h.shortcut(opt)
+ updateDepSpec(pkg, name, save)
+ } else
updateDepSpec(pkg, name, req.saveSpec)
}
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js b/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js
index 5d648de5bd87b4..32276482419017 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js
@@ -9,6 +9,7 @@ const consistentResolve = (resolved, fromPath, toPath, relPaths = false) => {
return null
try {
+ const hostedOpt = { noCommittish: false }
const {
fetchSpec,
saveSpec,
@@ -20,7 +21,9 @@ const consistentResolve = (resolved, fromPath, toPath, relPaths = false) => {
const isPath = type === 'file' || type === 'directory'
return isPath && !relPaths ? `file:${fetchSpec}`
: isPath ? 'file:' + (toPath ? relpath(toPath, fetchSpec) : fetchSpec)
- : hosted ? 'git+' + hosted.sshurl({ noCommittish: false })
+ : hosted ? `git+${
+ hosted.auth ? hosted.https(hostedOpt) : hosted.sshurl(hostedOpt)
+ }`
: type === 'git' ? saveSpec
// always return something. 'foo' is interpreted as 'foo@' otherwise.
: rawSpec === '' && raw.slice(-1) !== '@' ? raw
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index 1a46daa19082a3..fafd1fb0f865f2 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
{
"name": "@npmcli/arborist",
- "version": "2.0.5",
+ "version": "2.0.6",
"description": "Manage node_modules trees",
"dependencies": {
"@npmcli/installed-package-contents": "^1.0.5",
@@ -20,7 +20,7 @@
"npm-package-arg": "^8.1.0",
"npm-pick-manifest": "^6.1.0",
"npm-registry-fetch": "^9.0.0",
- "pacote": "^11.2.1",
+ "pacote": "^11.2.3",
"parse-conflict-json": "^1.1.1",
"promise-all-reject-late": "^1.0.0",
"promise-call-limit": "^1.0.1",
diff --git a/deps/npm/node_modules/pacote/lib/fetcher.js b/deps/npm/node_modules/pacote/lib/fetcher.js
index a0a1447a31dc4a..c4e5852daf8a87 100644
--- a/deps/npm/node_modules/pacote/lib/fetcher.js
+++ b/deps/npm/node_modules/pacote/lib/fetcher.js
@@ -47,6 +47,8 @@ class FetcherBase {
throw new TypeError('options object is required')
this.spec = npa(spec, opts.where)
+ this.allowGitIgnore = !!opts.allowGitIgnore
+
// a bit redundant because presumably the caller already knows this,
// but it makes it easier to not have to keep track of the requested
// spec when we're dispatching thousands of these at once, and normalizing
@@ -414,7 +416,7 @@ class FetcherBase {
const base = basename(entry.path)
if (base === '.npmignore')
sawIgnores.add(entry.path)
- else if (base === '.gitignore') {
+ else if (base === '.gitignore' && !this.allowGitIgnore) {
// rename, but only if there's not already a .npmignore
const ni = entry.path.replace(/\.gitignore$/, '.npmignore')
if (sawIgnores.has(ni))
diff --git a/deps/npm/node_modules/pacote/lib/git.js b/deps/npm/node_modules/pacote/lib/git.js
index 81f7ca2567ce36..406ab5c600221b 100644
--- a/deps/npm/node_modules/pacote/lib/git.js
+++ b/deps/npm/node_modules/pacote/lib/git.js
@@ -24,13 +24,16 @@ const _cloneRepo = Symbol('_cloneRepo')
const _setResolvedWithSha = Symbol('_setResolvedWithSha')
const _prepareDir = Symbol('_prepareDir')
-// get the repository url. prefer ssh, fall back to git://
+// get the repository url.
+// prefer https if there's auth, since ssh will drop that.
+// otherwise, prefer ssh if available (more secure).
// We have to add the git+ back because npa suppresses it.
-const repoUrl = (hosted, opts) =>
- hosted.sshurl && addGitPlus(hosted.sshurl(opts)) ||
- hosted.https && addGitPlus(hosted.https(opts))
+const repoUrl = (h, opts) =>
+ h.sshurl && !(h.https && h.auth) && addGitPlus(h.sshurl(opts)) ||
+ h.https && addGitPlus(h.https(opts))
-const addGitPlus = url => url && `git+${url}`
+// add git+ to the url, but only one time.
+const addGitPlus = url => url && `git+${url}`.replace(/^(git\+)+/, 'git+')
class GitFetcher extends Fetcher {
constructor (spec, opts) {
@@ -51,6 +54,11 @@ class GitFetcher extends Fetcher {
this.resolvedSha = ''
}
+ // just exposed to make it easier to test all the combinations
+ static repoUrl (hosted, opts) {
+ return repoUrl(hosted, opts)
+ }
+
get types () {
return ['git']
}
@@ -69,13 +77,16 @@ class GitFetcher extends Fetcher {
}
// first try https, since that's faster and passphrase-less for
- // public repos. Fall back to SSH to support private repos.
- // NB: we always store the SSH url in the 'resolved' field.
+ // public repos, and supports private repos when auth is provided.
+ // Fall back to SSH to support private repos
+ // NB: we always store the https url in resolved field if auth
+ // is present, otherwise ssh if the hosted type provides it
[_resolvedFromHosted] (hosted) {
return this[_resolvedFromRepo](hosted.https && hosted.https())
.catch(er => {
const ssh = hosted.sshurl && hosted.sshurl()
- if (!ssh)
+ // no fallthrough if we can't fall through or have https auth
+ if (!ssh || hosted.auth)
throw er
return this[_resolvedFromRepo](ssh)
})
@@ -121,9 +132,11 @@ class GitFetcher extends Fetcher {
// either a git url with a hash, or a tarball download URL
[_addGitSha] (sha) {
if (this.spec.hosted) {
- this[_setResolvedWithSha](
- this.spec.hosted.shortcut({ noCommittish: true }) + '#' + sha
- )
+ const h = this.spec.hosted
+ const opt = { noCommittish: true }
+ const base = h.https && h.auth ? h.https(opt) : h.shortcut(opt)
+
+ this[_setResolvedWithSha](`${base}#${sha}`)
} else {
const u = url.format(new url.URL(`#${sha}`, this.spec.rawSpec))
this[_setResolvedWithSha](url.format(u))
@@ -207,6 +220,7 @@ class GitFetcher extends Fetcher {
const nameat = this.spec.name ? `${this.spec.name}@` : ''
return new RemoteFetcher(h.tarball({ noCommittish: false }), {
...this.opts,
+ allowGitIgnore: true,
pkgid: `git:${nameat}${this.resolved}`,
resolved: this.resolved,
integrity: null, // it'll always be different, if we have one
@@ -231,14 +245,19 @@ class GitFetcher extends Fetcher {
})
}
+ // first try https, since that's faster and passphrase-less for
+ // public repos, and supports private repos when auth is provided.
+ // Fall back to SSH to support private repos
+ // NB: we always store the https url in resolved field if auth
+ // is present, otherwise ssh if the hosted type provides it
[_cloneHosted] (ref, tmp) {
const hosted = this.spec.hosted
const https = hosted.https()
return this[_cloneRepo](hosted.https({ noCommittish: true }), ref, tmp)
.catch(er => {
const ssh = hosted.sshurl && hosted.sshurl({ noCommittish: true })
- /* istanbul ignore if - should be covered by the resolve() call */
- if (!ssh)
+ // no fallthrough if we can't fall through or have https auth
+ if (!ssh || hosted.auth)
throw er
return this[_cloneRepo](ssh, ref, tmp)
})
diff --git a/deps/npm/node_modules/pacote/package.json b/deps/npm/node_modules/pacote/package.json
index 8de6a07a242587..b55685a48b2411 100644
--- a/deps/npm/node_modules/pacote/package.json
+++ b/deps/npm/node_modules/pacote/package.json
@@ -1,6 +1,6 @@
{
"name": "pacote",
- "version": "11.2.1",
+ "version": "11.2.3",
"description": "JavaScript package downloader",
"author": "Isaac Z. Schlueter (https://izs.me)",
"bin": {
diff --git a/deps/npm/package.json b/deps/npm/package.json
index d2bbe02cae695f..da6175dfe80b8e 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
{
- "version": "7.4.2",
+ "version": "7.4.3",
"name": "npm",
"description": "a package manager for JavaScript",
"keywords": [
@@ -42,7 +42,7 @@
"./package.json": "./package.json"
},
"dependencies": {
- "@npmcli/arborist": "^2.0.5",
+ "@npmcli/arborist": "^2.0.6",
"@npmcli/ci-detect": "^1.2.0",
"@npmcli/config": "^1.2.8",
"@npmcli/run-script": "^1.8.1",
@@ -90,7 +90,7 @@
"npm-user-validate": "^1.0.1",
"npmlog": "~4.1.2",
"opener": "^1.5.2",
- "pacote": "^11.2.1",
+ "pacote": "^11.2.3",
"parse-conflict-json": "^1.1.1",
"qrcode-terminal": "^0.12.0",
"read": "~1.0.7",
@@ -180,7 +180,7 @@
],
"devDependencies": {
"cmark-gfm": "^0.8.5",
- "eslint": "^7.14.0",
+ "eslint": "^7.18.0",
"eslint-plugin-import": "^2.22.1",
"eslint-plugin-node": "^11.1.0",
"eslint-plugin-promise": "^4.2.1",