Skip to content

Commit

Permalink
deps: upgrade npm to 10.5.1
Browse files Browse the repository at this point in the history
PR-URL: #52351
Reviewed-By: Luke Karrys <luke@lukekarrys.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  • Loading branch information
npm-cli-bot authored and marco-ippolito committed May 2, 2024
1 parent cf738ae commit 24bd695
Show file tree
Hide file tree
Showing 219 changed files with 1,600 additions and 1,081 deletions.
3 changes: 2 additions & 1 deletion deps/npm/bin/npm
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,9 @@ if [ $? -ne 0 ]; then
fi
no_node_dir
fi
NPM_PREFIX_JS="$CLI_BASEDIR/node_modules/npm/bin/npm-prefix.js"
NPM_CLI_JS="$CLI_BASEDIR/node_modules/npm/bin/npm-cli.js"
NPM_PREFIX=`"$NODE_EXE" "$NPM_CLI_JS" prefix -g`
NPM_PREFIX=`"$NODE_EXE" "$NPM_PREFIX_JS"`
if [ $? -ne 0 ]; then
no_node_dir
fi
Expand Down
30 changes: 30 additions & 0 deletions deps/npm/bin/npm-prefix.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/usr/bin/env node
// This is a single-use bin to help windows discover the proper prefix for npm
// without having to load all of npm first
// It does not accept argv params

const path = require('path')
const Config = require('@npmcli/config')
const { definitions, flatten, shorthands } = require('@npmcli/config/lib/definitions')
const config = new Config({
npmPath: path.dirname(__dirname),
// argv is explicitly not looked at since prefix is not something that can be changed via argv
argv: [],
definitions,
flatten,
shorthands,
excludeNpmCwd: false,
})

async function main () {
try {
await config.load()
// eslint-disable-next-line no-console
console.log(config.globalPrefix)
} catch (err) {
// eslint-disable-next-line no-console
console.error(err)
process.exit(1)
}
}
main()
3 changes: 2 additions & 1 deletion deps/npm/bin/npm.cmd
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,9 @@ IF NOT EXIST "%NODE_EXE%" (
SET "NODE_EXE=node"
)

SET "NPM_PREFIX_JS=%~dp0\node_modules\npm\bin\npm-prefix.js"
SET "NPM_CLI_JS=%~dp0\node_modules\npm\bin\npm-cli.js"
FOR /F "delims=" %%F IN ('CALL "%NODE_EXE%" "%NPM_CLI_JS%" prefix -g') DO (
FOR /F "delims=" %%F IN ('CALL "%NODE_EXE%" "%NPM_PREFIX_JS%"') DO (
SET "NPM_PREFIX_NPM_CLI_JS=%%F\node_modules\npm\bin\npm-cli.js"
)
IF EXIST "%NPM_PREFIX_NPM_CLI_JS%" (
Expand Down
4 changes: 2 additions & 2 deletions deps/npm/bin/npm.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,8 @@ if ($nodebin -eq $null) {
}
$nodedir = $(New-Object -ComObject Scripting.FileSystemObject).GetFile("$nodebin").ParentFolder.Path

$npmclijs="$nodedir/node_modules/npm/bin/npm-cli.js"
$npmprefix=(& $nodeexe $npmclijs prefix -g)
$npmprefixjs="$nodedir/node_modules/npm/bin/npm-prefix.js"
$npmprefix=(& $nodeexe $npmprefixjs)
if ($LASTEXITCODE -ne 0) {
Write-Host "Could not determine Node.js install directory"
exit 1
Expand Down
4 changes: 2 additions & 2 deletions deps/npm/bin/npx
Original file line number Diff line number Diff line change
Expand Up @@ -41,9 +41,9 @@ if [ $? -ne 0 ]; then
fi
no_node_dir
fi
NPM_CLI_JS="$CLI_BASEDIR/node_modules/npm/bin/npm-cli.js"
NPM_PREFIX_JS="$CLI_BASEDIR/node_modules/npm/bin/npm-prefix.js"
NPX_CLI_JS="$CLI_BASEDIR/node_modules/npm/bin/npx-cli.js"
NPM_PREFIX=`"$NODE_EXE" "$NPM_CLI_JS" prefix -g`
NPM_PREFIX=`"$NODE_EXE" "$NPM_PREFIX_JS"`
if [ $? -ne 0 ]; then
no_node_dir
fi
Expand Down
4 changes: 2 additions & 2 deletions deps/npm/bin/npx.cmd
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,9 @@ IF NOT EXIST "%NODE_EXE%" (
SET "NODE_EXE=node"
)

SET "NPM_CLI_JS=%~dp0\node_modules\npm\bin\npm-cli.js"
SET "NPM_PREFIX_JS=%~dp0\node_modules\npm\bin\npm-prefix.js"
SET "NPX_CLI_JS=%~dp0\node_modules\npm\bin\npx-cli.js"
FOR /F "delims=" %%F IN ('CALL "%NODE_EXE%" "%NPM_CLI_JS%" prefix -g') DO (
FOR /F "delims=" %%F IN ('CALL "%NODE_EXE%" "%NPM_PREFIX_JS%"') DO (
SET "NPM_PREFIX_NPX_CLI_JS=%%F\node_modules\npm\bin\npx-cli.js"
)
IF EXIST "%NPM_PREFIX_NPX_CLI_JS%" (
Expand Down
4 changes: 2 additions & 2 deletions deps/npm/bin/npx.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,8 @@ if ($nodebin -eq $null) {
}
$nodedir = $(New-Object -ComObject Scripting.FileSystemObject).GetFile("$nodebin").ParentFolder.Path

$npmclijs="$nodedir/node_modules/npm/bin/npm-cli.js"
$npmprefix=(& $nodeexe $npmclijs prefix -g)
$npmprefixjs="$nodedir/node_modules/npm/bin/npm-prefix.js"
$npmprefix=(& $nodeexe $npmprefixjs)
if ($LASTEXITCODE -ne 0) {
Write-Host "Could not determine Node.js install directory"
exit 1
Expand Down
9 changes: 8 additions & 1 deletion deps/npm/docs/content/commands/npm-audit.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,13 @@ Registry signatures can be verified using the following `audit` command:
$ npm audit signatures
```

The `audit signatures` command will also verify the provenance attestations of
downloaded packages. Because provenance attestations are such a new feature,
security features may be added to (or changed in) the attestation format over
time. To ensure that you're always able to verify attestation signatures check
that you're running the latest version of the npm CLI. Please note this often
means updating npm beyond the version that ships with Node.js.

The npm CLI supports registry signatures and signing keys provided by any registry if the following conventions are followed:

1. Signatures are provided in the package's `packument` in each published version within the `dist` object:
Expand Down Expand Up @@ -89,7 +96,7 @@ Keys response:
- `scheme`: only `ecdsa-sha2-nistp256` is currently supported by the npm CLI
- `key`: base64 encoded public key

See this [example key's response from the public npm registry](https://registry.npmjs.org/-/npm/v1/keys").
See this [example key's response from the public npm registry](https://registry.npmjs.org/-/npm/v1/keys).

### Audit Endpoints

Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/content/commands/npm-ls.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ packages will *also* show the paths to the specified packages. For
example, running `npm ls promzard` in npm's source tree will show:

```bash
npm@10.5.0 /path/to/npm
npm@10.5.1 /path/to/npm
└─┬ init-package-json@0.0.4
└── promzard@0.1.5
```
Expand Down
10 changes: 10 additions & 0 deletions deps/npm/docs/content/commands/npm-search.md
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,16 @@ Show the description in `npm search`



#### `searchlimit`

* Default: 20
* Type: Number

Number of items to limit search results to. Will not apply at all to legacy
searches.



#### `searchopts`

* Default: ""
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/content/commands/npm.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ Note: This command is unaware of workspaces.

### Version

10.5.0
10.5.1

### Description

Expand Down
20 changes: 10 additions & 10 deletions deps/npm/docs/content/configuring-npm/package-json.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ Some tips:
* Don't use the same name as a core Node module.
* Don't put "js" or "node" in the name. It's assumed that it's js, since
you're writing a package.json file, and you can specify the engine using
the "engines" field. (See below.)
the "[engines](#engines)" field. (See below.)
* The name will probably be passed as an argument to require(), so it
should be something short, but also reasonably descriptive.
* You may want to check the npm registry to see if there's something by
Expand Down Expand Up @@ -75,7 +75,7 @@ your package as it's listed in `npm search`.

### homepage

The url to the project homepage.
The URL to the project homepage.

Example:

Expand All @@ -85,7 +85,7 @@ Example:

### bugs

The url to your project's issue tracker and / or the email address to which
The URL to your project's issue tracker and / or the email address to which
issues should be reported. These are helpful for people who encounter
issues with your package.

Expand All @@ -101,10 +101,10 @@ It should look like this:
```

You can specify either one or both values. If you want to provide only a
url, you can specify the value for "bugs" as a simple string instead of an
URL, you can specify the value for "bugs" as a simple string instead of an
object.

If a url is provided, it will be used by the `npm bugs` command.
If a URL is provided, it will be used by the `npm bugs` command.

### license

Expand Down Expand Up @@ -511,9 +511,9 @@ Do it like this:
}
```

The URL should be a publicly available (perhaps read-only) url that can be
The URL should be a publicly available (perhaps read-only) URL that can be
handed directly to a VCS program without any modification. It should not
be a url to an html project page that you put in your browser. It's for
be a URL to an html project page that you put in your browser. It's for
computers.

For GitHub, GitHub gist, Bitbucket, or GitLab repositories you can use the
Expand Down Expand Up @@ -636,7 +636,7 @@ install time.

#### Git URLs as Dependencies

Git urls are of the form:
Git URLs are of the form:

```bash
<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish> | #semver:<semver>]
Expand Down Expand Up @@ -683,7 +683,7 @@ will be rebuilt for every installation.

#### GitHub URLs

As of version 1.1.65, you can refer to GitHub urls as just "foo":
As of version 1.1.65, you can refer to GitHub URLs as just "foo":
"user/foo-project". Just as with git URLs, a `commit-ish` suffix can be
included. For example:

Expand Down Expand Up @@ -889,7 +889,7 @@ none.
If a dependency can be used, but you would like npm to proceed if it cannot
be found or fails to install, then you may put it in the
`optionalDependencies` object. This is a map of package name to version or
url, just like the `dependencies` object. The difference is that build
URL, just like the `dependencies` object. The difference is that build
failures do not cause installation to fail. Running `npm install
--omit=optional` will prevent these dependencies from being installed.

Expand Down
8 changes: 7 additions & 1 deletion deps/npm/docs/output/commands/npm-audit.html
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,12 @@ <h3 id="audit-signatures">Audit Signatures</h3>
<p>Registry signatures can be verified using the following <code>audit</code> command:</p>
<pre><code class="language-bash">$ npm audit signatures
</code></pre>
<p>The <code>audit signatures</code> command will also verify the provenance attestations of
downloaded packages. Because provenance attestations are such a new feature,
security features may be added to (or changed in) the attestation format over
time. To ensure that you're always able to verify attestation signatures check
that you're running the latest version of the npm CLI. Please note this often
means updating npm beyond the version that ships with Node.js.</p>
<p>The npm CLI supports registry signatures and signing keys provided by any registry if the following conventions are followed:</p>
<ol>
<li>Signatures are provided in the package's <code>packument</code> in each published version within the <code>dist</code> object:</li>
Expand Down Expand Up @@ -209,7 +215,7 @@ <h3 id="audit-signatures">Audit Signatures</h3>
<li><code>scheme</code>: only <code>ecdsa-sha2-nistp256</code> is currently supported by the npm CLI</li>
<li><code>key</code>: base64 encoded public key</li>
</ul>
<p>See this <a href="https://registry.npmjs.org/-/npm/v1/keys%22">example key's response from the public npm registry</a>.</p>
<p>See this <a href="https://registry.npmjs.org/-/npm/v1/keys">example key's response from the public npm registry</a>.</p>
<h3 id="audit-endpoints">Audit Endpoints</h3>
<p>There are two audit endpoints that npm may use to fetch vulnerability
information: the <code>Bulk Advisory</code> endpoint and the <code>Quick Audit</code> endpoint.</p>
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/output/commands/npm-ls.html
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ <h3 id="description">Description</h3>
the results to only the paths to the packages named. Note that nested
packages will <em>also</em> show the paths to the specified packages. For
example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
<pre><code class="language-bash">npm@10.5.0 /path/to/npm
<pre><code class="language-bash">npm@10.5.1 /path/to/npm
└─┬ init-package-json@0.0.4
└── promzard@0.1.5
</code></pre>
Expand Down
9 changes: 8 additions & 1 deletion deps/npm/docs/output/commands/npm-search.html
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ <h1 id="npm-search">npm-search</h1>

<section id="table_of_contents">
<h2 id="table-of-contents">Table of contents</h2>
<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#long"><code>long</code></a></li><li><a href="#json"><code>json</code></a></li><li><a href="#color"><code>color</code></a></li><li><a href="#parseable"><code>parseable</code></a></li><li><a href="#description2"><code>description</code></a></li><li><a href="#searchopts"><code>searchopts</code></a></li><li><a href="#searchexclude"><code>searchexclude</code></a></li><li><a href="#registry"><code>registry</code></a></li><li><a href="#prefer-online"><code>prefer-online</code></a></li><li><a href="#prefer-offline"><code>prefer-offline</code></a></li><li><a href="#offline"><code>offline</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#long"><code>long</code></a></li><li><a href="#json"><code>json</code></a></li><li><a href="#color"><code>color</code></a></li><li><a href="#parseable"><code>parseable</code></a></li><li><a href="#description2"><code>description</code></a></li><li><a href="#searchlimit"><code>searchlimit</code></a></li><li><a href="#searchopts"><code>searchopts</code></a></li><li><a href="#searchexclude"><code>searchexclude</code></a></li><li><a href="#registry"><code>registry</code></a></li><li><a href="#prefer-online"><code>prefer-online</code></a></li><li><a href="#prefer-offline"><code>prefer-offline</code></a></li><li><a href="#offline"><code>offline</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
</section>

<div id="_content"><h3 id="synopsis">Synopsis</h3>
Expand Down Expand Up @@ -207,6 +207,13 @@ <h4 id="description2"><code>description</code></h4>
<li>Type: Boolean</li>
</ul>
<p>Show the description in <code>npm search</code></p>
<h4 id="searchlimit"><code>searchlimit</code></h4>
<ul>
<li>Default: 20</li>
<li>Type: Number</li>
</ul>
<p>Number of items to limit search results to. Will not apply at all to legacy
searches.</p>
<h4 id="searchopts"><code>searchopts</code></h4>
<ul>
<li>Default: ""</li>
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/output/commands/npm.html
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ <h2 id="table-of-contents">Table of contents</h2>
</code></pre>
<p>Note: This command is unaware of workspaces.</p>
<h3 id="version">Version</h3>
<p>10.5.0</p>
<p>10.5.1</p>
<h3 id="description">Description</h3>
<p>npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
Expand Down
20 changes: 10 additions & 10 deletions deps/npm/docs/output/configuring-npm/package-json.html
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ <h3 id="name">name</h3>
<li>Don't use the same name as a core Node module.</li>
<li>Don't put "js" or "node" in the name. It's assumed that it's js, since
you're writing a package.json file, and you can specify the engine using
the "engines" field. (See below.)</li>
the "<a href="#engines">engines</a>" field. (See below.)</li>
<li>The name will probably be passed as an argument to require(), so it
should be something short, but also reasonably descriptive.</li>
<li>You may want to check the npm registry to see if there's something by
Expand All @@ -201,12 +201,12 @@ <h3 id="keywords">keywords</h3>
<p>Put keywords in it. It's an array of strings. This helps people discover
your package as it's listed in <code>npm search</code>.</p>
<h3 id="homepage">homepage</h3>
<p>The url to the project homepage.</p>
<p>The URL to the project homepage.</p>
<p>Example:</p>
<pre><code class="language-json">"homepage": "https://github.com/owner/project#readme"
</code></pre>
<h3 id="bugs">bugs</h3>
<p>The url to your project's issue tracker and / or the email address to which
<p>The URL to your project's issue tracker and / or the email address to which
issues should be reported. These are helpful for people who encounter
issues with your package.</p>
<p>It should look like this:</p>
Expand All @@ -218,9 +218,9 @@ <h3 id="bugs">bugs</h3>
}
</code></pre>
<p>You can specify either one or both values. If you want to provide only a
url, you can specify the value for "bugs" as a simple string instead of an
URL, you can specify the value for "bugs" as a simple string instead of an
object.</p>
<p>If a url is provided, it will be used by the <code>npm bugs</code> command.</p>
<p>If a URL is provided, it will be used by the <code>npm bugs</code> command.</p>
<h3 id="license">license</h3>
<p>You should specify a license for your package so that people know how they
are permitted to use it, and any restrictions you're placing on it.</p>
Expand Down Expand Up @@ -531,9 +531,9 @@ <h3 id="repository">repository</h3>
}
}
</code></pre>
<p>The URL should be a publicly available (perhaps read-only) url that can be
<p>The URL should be a publicly available (perhaps read-only) URL that can be
handed directly to a VCS program without any modification. It should not
be a url to an html project page that you put in your browser. It's for
be a URL to an html project page that you put in your browser. It's for
computers.</p>
<p>For GitHub, GitHub gist, Bitbucket, or GitLab repositories you can use the
same shortcut syntax you use for <code>npm install</code>:</p>
Expand Down Expand Up @@ -630,7 +630,7 @@ <h4 id="urls-as-dependencies">URLs as Dependencies</h4>
<p>This tarball will be downloaded and installed locally to your package at
install time.</p>
<h4 id="git-urls-as-dependencies">Git URLs as Dependencies</h4>
<p>Git urls are of the form:</p>
<p>Git URLs are of the form:</p>
<pre><code class="language-bash">&lt;protocol&gt;://[&lt;user&gt;[:&lt;password&gt;]@]&lt;hostname&gt;[:&lt;port&gt;][:][/]&lt;path&gt;[#&lt;commit-ish&gt; | #semver:&lt;semver&gt;]
</code></pre>
<p><code>&lt;protocol&gt;</code> is one of <code>git</code>, <code>git+ssh</code>, <code>git+http</code>, <code>git+https</code>, or
Expand Down Expand Up @@ -666,7 +666,7 @@ <h4 id="git-urls-as-dependencies">Git URLs as Dependencies</h4>
make sure that none of the above scripts are defined, or your dependency
will be rebuilt for every installation.</p>
<h4 id="github-urls">GitHub URLs</h4>
<p>As of version 1.1.65, you can refer to GitHub urls as just "foo":
<p>As of version 1.1.65, you can refer to GitHub URLs as just "foo":
"user/foo-project". Just as with git URLs, a <code>commit-ish</code> suffix can be
included. For example:</p>
<pre><code class="language-json">{
Expand Down Expand Up @@ -820,7 +820,7 @@ <h3 id="optionaldependencies">optionalDependencies</h3>
<p>If a dependency can be used, but you would like npm to proceed if it cannot
be found or fails to install, then you may put it in the
<code>optionalDependencies</code> object. This is a map of package name to version or
url, just like the <code>dependencies</code> object. The difference is that build
URL, just like the <code>dependencies</code> object. The difference is that build
failures do not cause installation to fail. Running <code>npm install --omit=optional</code> will prevent these dependencies from being installed.</p>
<p>It is still your program's responsibility to handle the lack of the
dependency. For example, something like this:</p>
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/lib/commands/adduser.js
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
const log = require('../utils/log-shim.js')
const replaceInfo = require('../utils/replace-info.js')
const { redactLog: replaceInfo } = require('@npmcli/redact')
const auth = require('../utils/auth.js')

const BaseCommand = require('../base-command.js')
Expand Down
Loading

0 comments on commit 24bd695

Please sign in to comment.