npm · isaacs · Aug 6, 2019 · Jul 24, 2019 · Aug 1, 2019 · Jul 25, 2019
@@ -649,3 +649,6 @@ Iván Reinoso García <ireinoso@plainconcepts.com>
 Roy Marples <roy@marples.name>
 Robert James Gabriel <robert_gabriel@outlook.com>
 John Firebaugh <john.firebaugh@gmail.com>
+Kitten King <hi@kittenking.me>
+claudiahdz <cghr1990@gmail.com>
+Artem Sapegin <artem@sapegin.ru>
@@ -1,3 +1,52 @@
+## v6.10.3 (2019-08-06):
+
+### BUGFIXES
+
+* [`27cccfbda`](https://github.com/npm/cli/commit/27cccfbdac8526cc807b07f416355949b1372a9b)
+  [#223](https://github.com/npm/cli/pull/223) vulns → vulnerabilities in
+  npm audit output ([@sapegin](https://github.com/sapegin))
+* [`d5e865eb7`](https://github.com/npm/cli/commit/d5e865eb79329665a927cc2767b4395c03045dbb)
+  [#222](https://github.com/npm/cli/pull/222)
+  [#226](https://github.com/npm/cli/pull/226) install, doctor: don't crash
+  if registry unset ([@dmitrydvorkin](https://github.com/dmitrydvorkin),
+  [@isaacs](https://github.com/isaacs))
+* [`5b3890226`](https://github.com/npm/cli/commit/5b389022652abeb0e1c278a152550eb95bc6c452)
+  [#227](https://github.com/npm/cli/pull/227)
+  [npm.community#9167](https://npm.community/t/npm-err-cb-never-called-permission-denied/9167/5)
+  Handle unhandledRejections, tell user what to do when encountering an
+  `EACCES` error in the cache.  ([@isaacs](https://github.com/isaacs))
+
+### DEPENDENCIES
+
+* [`77516df6e`](https://github.com/npm/cli/commit/77516df6eac94a6d7acb5e9ca06feaa0868d779b)
+  `licensee@7.0.3` ([@isaacs](https://github.com/isaacs))
+* [`ceb993590`](https://github.com/npm/cli/commit/ceb993590e4e376a9a78264ce7bb4327fbbb37fe)
+  `query-string@6.8.2` ([@isaacs](https://github.com/isaacs))
+* [`4050b9189`](https://github.com/npm/cli/commit/4050b91898c60e9b22998cf82b70b9b822de592a)
+  `hosted-git-info@2.8.2`
+    * [#46](https://github.com/npm/hosted-git-info/issues/46)
+      [#43](https://github.com/npm/hosted-git-info/issues/43)
+      [#47](https://github.com/npm/hosted-git-info/pull/47)
+      [#44](https://github.com/npm/hosted-git-info/pull/44) Add support for
+      GitLab subgroups ([@mterrel](https://github.com/mterrel),
+      [@isaacs](https://github.com/isaacs),
+      [@ybiquitous](https://github.com/ybiquitous))
+    * [`3b1d629`](https://github.com/npm/hosted-git-info/commit/3b1d629)
+      [#48](https://github.com/npm/hosted-git-info/issues/48) fix http
+      protocol using sshurl by default
+      ([@fengmk2](https://github.com/fengmk2))
+    * [`5d4a8d7`](https://github.com/npm/hosted-git-info/commit/5d4a8d7)
+      ignore noCommittish on tarball url generation
+      ([@isaacs](https://github.com/isaacs))
+    * [`1692435`](https://github.com/npm/hosted-git-info/commit/1692435)
+      use gist tarball url that works for anonymous gists
+      ([@isaacs](https://github.com/isaacs))
+    * [`d5cf830`](https://github.com/npm/hosted-git-info/commit/d5cf8309be7af884032616c63ea302ce49dd321c)
+      Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs))
+    * [`e518222`](https://github.com/npm/hosted-git-info/commit/e5182224351183ce619dd5ef00019ae700ed37b7)
+      Use LRU cache to prevent unbounded memory consumption
+      ([@iarna](https://github.com/iarna))
+
 ## v6.10.2 (2019-07-23):
 
 tl;dr - Fixes several issues with the cache when npm is run as `sudo` on
@@ -28,10 +77,6 @@ Unix systems.
 * [`235e5d6df`](https://github.com/npm/cli/commit/235e5d6df6f427585ec58425f1f3339d08f39d8a)
   ensure correct owner on cached all-packages metadata
   ([@isaacs](https://github.com/isaacs))
-* [`fa6acd2ea`](https://github.com/npm/cli/commit/fa6acd2ea035bf26c04d7885b534d03d5b77e7ba)
-  [npm.community#8450](https://npm.community/t/npm-audit-fails-with-child-requires-fails-because-requires-must-be-an-object/8540)
-  audit: report server error on failure
-  ([@isaacs](https://github.com/isaacs))
 * [`e2d377bb6`](https://github.com/npm/cli/commit/e2d377bb6419d8a3c1d80a73dba46062b4dad336)
   [npm.community#8540](https://npm.community/t/npm-audit-fails-with-child-requires-fails-because-requires-must-be-an-object/8540)
   audit: report server error on failure

@@ -62,6 +62,7 @@
   log.info('using', 'node@%s', process.version)
 
   process.on('uncaughtException', errorHandler)
+  process.on('unhandledRejection', errorHandler)
 
   if (conf.usage && npm.command !== 'help') {
     npm.argv.unshift(npm.command)

@@ -277,7 +277,7 @@ function auditCmd (args, cb) {
               output(`  ${actions.review.size} vulnerabilit${actions.review.size === 1 ? 'y' : 'ies'} required manual review and could not be updated`)
             }
             if (actions.major.size) {
-              output(`  ${actions.major.size} package update${actions.major.size === 1 ? '' : 's'} for ${actions.majorFixes.size} vuln${actions.majorFixes.size === 1 ? '' : 's'} involved breaking changes`)
+              output(`  ${actions.major.size} package update${actions.major.size === 1 ? '' : 's'} for ${actions.majorFixes.size} vulnerabilit${actions.majorFixes.size === 1 ? 'y' : 'ies'} involved breaking changes`)
               if (installMajor) {
                 output('  (installed due to `--force` option)')
               } else {

@@ -87,7 +87,7 @@ function makePretty (p) {
   const cacheStatus = p[8] ? `verified ${p[8].verifiedContent} tarballs` : 'notOk'
   const npmV = npm.version
   const nodeV = process.version.replace('v', '')
-  const registry = npm.config.get('registry')
+  const registry = npm.config.get('registry') || ''
   const list = [
     ['npm ping', ping],
     ['npm -v', 'v' + npmV],

@@ -11,7 +11,7 @@ var moduleName = require('../utils/module-name.js')
 var isOnlyOptional = require('./is-only-optional.js')
 
 // we don't use get-requested because we're operating on files on disk, and
-// we don't want to extropolate from what _should_ be there.
+// we don't want to extrapolate from what _should_ be there.
 function pkgRequested (pkg) {
   return pkg._requested || (pkg._resolved && npa(pkg._resolved)) || (pkg._from && npa(pkg._from))
 }

@@ -74,7 +74,7 @@ function quotemeta (str) {
 }
 
 function tarballToVersion (name, tb) {
-  const registry = quotemeta(npm.config.get('registry'))
+  const registry = quotemeta(npm.config.get('registry') || '')
     .replace(/https?:/, 'https?:')
     .replace(/([^/])$/, '$1/')
   let matchRegTarball

@@ -121,7 +121,7 @@ function shrinkwrapDeps (deps, top, tree, seen) {
       if (isRegistry(requested)) {
         pkginfo.resolved = child.package._resolved
       }
-      // no integrity for git deps as integirty hashes are based on the
+      // no integrity for git deps as integrity hashes are based on the
       // tarball and we can't (yet) create consistent tarballs from a stable
       // source.
       if (requested.type !== 'git') {

@@ -187,11 +187,12 @@ function errorHandler (er) {
   log.verbose('npm ', 'v' + npm.version)
 
   ;[
+    'code',
+    'syscall',
     'file',
     'path',
-    'code',
-    'errno',
-    'syscall'
+    'dest',
+    'errno'
   ].forEach(function (k) {
     var v = er[k]
     if (v) log.error(k, v)

@@ -2,6 +2,7 @@
 var npm = require('../npm.js')
 var util = require('util')
 var nameValidator = require('validate-npm-package-name')
+var npmlog = require('npmlog')
 
 module.exports = errorMessage
 
@@ -33,18 +34,42 @@ function errorMessage (er) {
 
     case 'EACCES':
     case 'EPERM':
-      short.push(['', er])
-      detail.push([
-        '',
-        [
-          '\nThe operation was rejected by your operating system.',
-          (process.platform === 'win32'
-            ? 'It\'s possible that the file was already in use (by a text editor or antivirus),\nor that you lack permissions to access it.'
-            : 'It is likely you do not have the permissions to access this file as the current user'),
-          '\nIf you believe this might be a permissions issue, please double-check the',
-          'permissions of the file and its containing directories, or try running',
-          'the command again as root/Administrator (though this is not recommended).'
-        ].join('\n')])
+      const isCachePath = typeof er.path === 'string' &&
+        er.path.startsWith(npm.config.get('cache'))
+      const isCacheDest = typeof er.dest === 'string' &&
+        er.dest.startsWith(npm.config.get('cache'))
+
+      const isWindows = process.platform === 'win32'
+
+      if (!isWindows && (isCachePath || isCacheDest)) {
+        // user probably doesn't need this, but still add it to the debug log
+        npmlog.verbose(er.stack)
+        short.push([
+          '',
+          [
+            '',
+            'Your cache folder contains root-owned files, due to a bug in',
+            'previous versions of npm which has since been addressed.',
+            '',
+            'To permanently fix this problem, please run:',
+            `  sudo chown -R ${process.getuid()}:${process.getgid()} ${JSON.stringify(npm.config.get('cache'))}`
+          ].join('\n')
+        ])
+      } else {
+        short.push(['', er])
+        detail.push([
+          '',
+          [
+            '\nThe operation was rejected by your operating system.',
+            (process.platform === 'win32'
+              ? 'It\'s possible that the file was already in use (by a text editor or antivirus),\n' +
+                'or that you lack permissions to access it.'
+              : 'It is likely you do not have the permissions to access this file as the current user'),
+            '\nIf you believe this might be a permissions issue, please double-check the',
+            'permissions of the file and its containing directories, or try running',
+            'the command again as root/Administrator.'
+          ].join('\n')])
+      }
       break
 
     case 'ELIFECYCLE':