From 4b174ce7f6f585f9d868cd06a87ed5b107af8157 Mon Sep 17 00:00:00 2001 From: npm team Date: Thu, 20 Jan 2022 22:08:53 +0000 Subject: [PATCH] deps: upgrade npm to 8.3.2 PR-URL: https://github.com/nodejs/node/pull/41621 Reviewed-By: Ruy Adorno Reviewed-By: Rich Trott Reviewed-By: Colin Ihrig Reviewed-By: Luigi Pinca Reviewed-By: Mohammed Keyvanzadeh Reviewed-By: Richard Lau --- deps/npm/docs/content/commands/npm-dedupe.md | 6 + deps/npm/docs/content/commands/npm-update.md | 6 + deps/npm/docs/content/using-npm/config.md | 9 +- deps/npm/docs/output/commands/npm-dedupe.html | 5 + deps/npm/docs/output/commands/npm-ls.html | 2 +- deps/npm/docs/output/commands/npm-update.html | 5 + deps/npm/docs/output/commands/npm.html | 2 +- deps/npm/docs/output/using-npm/config.html | 8 +- deps/npm/lib/base-command.js | 8 ++ deps/npm/lib/commands/dedupe.js | 8 ++ deps/npm/lib/commands/update.js | 15 ++- deps/npm/lib/utils/config/definitions.js | 8 +- deps/npm/lib/workspaces/get-workspaces.js | 6 +- deps/npm/man/man1/npm-dedupe.1 | 6 + deps/npm/man/man1/npm-ls.1 | 2 +- deps/npm/man/man1/npm-update.1 | 6 + deps/npm/man/man1/npm.1 | 2 +- deps/npm/man/man7/config.7 | 9 +- .../arborist/lib/arborist/build-ideal-tree.js | 13 ++- .../@npmcli/arborist/lib/arborist/reify.js | 106 ++++++++++++++---- .../@npmcli/arborist/lib/shrinkwrap.js | 22 ++-- .../@npmcli/arborist/package.json | 4 +- .../node_modules/bin-links/lib/bin-target.js | 8 +- .../node_modules/bin-links/lib/check-bin.js | 47 ++++---- .../node_modules/bin-links/lib/check-bins.js | 8 +- .../bin-links/lib/get-node-modules.js | 5 +- .../node_modules/bin-links/lib/get-paths.js | 17 +-- .../node_modules/bin-links/lib/get-prefix.js | 2 +- .../node_modules/bin-links/{ => lib}/index.js | 19 ++-- .../node_modules/bin-links/lib/link-bin.js | 4 +- .../node_modules/bin-links/lib/link-bins.js | 9 +- .../node_modules/bin-links/lib/link-gently.js | 47 +++++--- .../node_modules/bin-links/lib/link-mans.js | 9 +- .../node_modules/bin-links/lib/man-target.js | 4 +- .../node_modules/bin-links/lib/shim-bin.js | 42 +++---- deps/npm/node_modules/bin-links/package.json | 28 +++-- deps/npm/node_modules/libnpmexec/package.json | 2 +- .../typedarray-to-buffer/.airtap.yml | 15 --- .../typedarray-to-buffer/index.js | 19 +--- .../typedarray-to-buffer/package.json | 28 +++-- .../typedarray-to-buffer/test/basic.js | 50 --------- .../write-file-atomic/{LICENSE => LICENSE.md} | 1 - .../write-file-atomic/{ => lib}/index.js | 19 +++- .../write-file-atomic/package.json | 36 +++--- deps/npm/package.json | 6 +- .../test/lib/load-all-commands.js.test.cjs | 7 +- .../lib/utils/config/definitions.js.test.cjs | 9 +- .../lib/utils/config/describe-all.js.test.cjs | 9 +- .../test/lib/utils/npm-usage.js.test.cjs | 7 +- deps/npm/test/fixtures/mock-npm.js | 2 + deps/npm/test/lib/arborist-cmd.js | 2 +- deps/npm/test/lib/commands/dedupe.js | 4 +- deps/npm/test/lib/commands/update.js | 15 ++- 53 files changed, 450 insertions(+), 288 deletions(-) rename deps/npm/node_modules/bin-links/{ => lib}/index.js (70%) delete mode 100644 deps/npm/node_modules/typedarray-to-buffer/.airtap.yml delete mode 100644 deps/npm/node_modules/typedarray-to-buffer/test/basic.js rename deps/npm/node_modules/write-file-atomic/{LICENSE => LICENSE.md} (99%) rename deps/npm/node_modules/write-file-atomic/{ => lib}/index.js (94%) diff --git a/deps/npm/docs/content/commands/npm-dedupe.md b/deps/npm/docs/content/commands/npm-dedupe.md index 377e17d814a6f6..53d2e64272a67b 100644 --- a/deps/npm/docs/content/commands/npm-dedupe.md +++ b/deps/npm/docs/content/commands/npm-dedupe.md @@ -72,6 +72,12 @@ result in new modules being installed. Using `npm find-dupes` will run the command in `--dry-run` mode. +Note that by default `npm dedupe` will not update the semver values of direct +dependencies in your project `package.json`, if you want to also update +values in `package.json` you can run: `npm dedupe --save` (or add the +`save=true` option to a [configuration file](/configuring-npm/npmrc) +to make that the default behavior). + ### Configuration diff --git a/deps/npm/docs/content/commands/npm-update.md b/deps/npm/docs/content/commands/npm-update.md index ad02118e4687f1..1889d60569fe5c 100644 --- a/deps/npm/docs/content/commands/npm-update.md +++ b/deps/npm/docs/content/commands/npm-update.md @@ -27,6 +27,12 @@ packages. If no package name is specified, all packages in the specified location (global or local) will be updated. +Note that by default `npm update` will not update the semver values of direct +dependencies in your project `package.json`, if you want to also update +values in `package.json` you can run: `npm update --save` (or add the +`save=true` option to a [configuration file](/configuring-npm/npmrc) +to make that the default behavior). + ### Example For the examples below, assume that the current package is `app` and it depends diff --git a/deps/npm/docs/content/using-npm/config.md b/deps/npm/docs/content/using-npm/config.md index fe197e344dbc08..83a385e08344f5 100644 --- a/deps/npm/docs/content/using-npm/config.md +++ b/deps/npm/docs/content/using-npm/config.md @@ -1326,13 +1326,16 @@ The base URL of the npm registry. #### `save` -* Default: true +* Default: `true` unless when using `npm update` or `npm dedupe` where it + defaults to `false` * Type: Boolean -Save installed packages to a package.json file as dependencies. +Save installed packages to a `package.json` file as dependencies. When used with the `npm rm` command, removes the dependency from -package.json. +`package.json`. + +Will also prevent writing to `package-lock.json` if set to `false`. diff --git a/deps/npm/docs/output/commands/npm-dedupe.html b/deps/npm/docs/output/commands/npm-dedupe.html index ea811c28e94cb1..a31af824b2061f 100644 --- a/deps/npm/docs/output/commands/npm-dedupe.html +++ b/deps/npm/docs/output/commands/npm-dedupe.html @@ -192,6 +192,11 @@

Description

Note that this operation transforms the dependency tree, but will never result in new modules being installed.

Using npm find-dupes will run the command in --dry-run mode.

+

Note that by default npm dedupe will not update the semver values of direct +dependencies in your project package.json, if you want to also update +values in package.json you can run: npm dedupe --save (or add the +save=true option to a configuration file +to make that the default behavior).

Configuration

diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 3ad752bcac4c97..341a3fee9da0e6 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -160,7 +160,7 @@

Description

the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

-
npm@8.3.1 /path/to/npm
+
npm@8.3.2 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 
diff --git a/deps/npm/docs/output/commands/npm-update.html b/deps/npm/docs/output/commands/npm-update.html index 065feee3eb382b..6185df91e8d127 100644 --- a/deps/npm/docs/output/commands/npm-update.html +++ b/deps/npm/docs/output/commands/npm-update.html @@ -160,6 +160,11 @@

Description

packages.

If no package name is specified, all packages in the specified location (global or local) will be updated.

+

Note that by default npm update will not update the semver values of direct +dependencies in your project package.json, if you want to also update +values in package.json you can run: npm update --save (or add the +save=true option to a configuration file +to make that the default behavior).

Example

For the examples below, assume that the current package is app and it depends on dependencies, dep1 (dep2, .. etc.). The published versions of dep1 diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html index 044d90faec666b..ab49c472ab6075 100644 --- a/deps/npm/docs/output/commands/npm.html +++ b/deps/npm/docs/output/commands/npm.html @@ -149,7 +149,7 @@

Table of contents

npm <command> [args]
 

Version

-

8.3.1

+

8.3.2

Description

npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency diff --git a/deps/npm/docs/output/using-npm/config.html b/deps/npm/docs/output/using-npm/config.html index f3db847b48abf1..b96eecd3902657 100644 --- a/deps/npm/docs/output/using-npm/config.html +++ b/deps/npm/docs/output/using-npm/config.html @@ -1210,12 +1210,14 @@

registry

save

    -
  • Default: true
  • +
  • Default: true unless when using npm update or npm dedupe where it +defaults to false
  • Type: Boolean
-

Save installed packages to a package.json file as dependencies.

+

Save installed packages to a package.json file as dependencies.

When used with the npm rm command, removes the dependency from -package.json.

+package.json.

+

Will also prevent writing to package-lock.json if set to false.

save-bundle

diff --git a/deps/npm/lib/base-command.js b/deps/npm/lib/base-command.js index ad261b5148bd29..f67f99f36367c1 100644 --- a/deps/npm/lib/base-command.js +++ b/deps/npm/lib/base-command.js @@ -1,4 +1,7 @@ // Base class for npm commands + +const { relative } = require('path') + const usageUtil = require('./utils/usage.js') const ConfigDefinitions = require('./utils/config/definitions.js') const getWorkspaces = require('./workspaces/get-workspaces.js') @@ -78,9 +81,14 @@ class BaseCommand { this.includeWorkspaceRoot = false } + const relativeFrom = relative(this.npm.localPrefix, process.cwd()).startsWith('..') + ? this.npm.localPrefix + : process.cwd() + const ws = await getWorkspaces(filters, { path: this.npm.localPrefix, includeWorkspaceRoot: this.includeWorkspaceRoot, + relativeFrom, }) this.workspaces = ws this.workspaceNames = [...ws.keys()] diff --git a/deps/npm/lib/commands/dedupe.js b/deps/npm/lib/commands/dedupe.js index cc4b119d09d2ab..1c270249adb3fb 100644 --- a/deps/npm/lib/commands/dedupe.js +++ b/deps/npm/lib/commands/dedupe.js @@ -13,6 +13,7 @@ class Dedupe extends ArboristWorkspaceCmd { 'legacy-bundling', 'strict-peer-deps', 'package-lock', + 'save', 'omit', 'ignore-scripts', 'audit', @@ -29,6 +30,12 @@ class Dedupe extends ArboristWorkspaceCmd { throw er } + // In the context of `npm dedupe` the save + // config value should default to `false` + const save = this.npm.config.isDefault('save') + ? false + : this.npm.config.get('save') + const dryRun = this.npm.config.get('dry-run') const where = this.npm.prefix const opts = { @@ -36,6 +43,7 @@ class Dedupe extends ArboristWorkspaceCmd { log, path: where, dryRun, + save, workspaces: this.workspaceNames, } const arb = new Arborist(opts) diff --git a/deps/npm/lib/commands/update.js b/deps/npm/lib/commands/update.js index a8bbc4c969251d..c55d7cf575d88e 100644 --- a/deps/npm/lib/commands/update.js +++ b/deps/npm/lib/commands/update.js @@ -16,6 +16,7 @@ class Update extends ArboristWorkspaceCmd { 'legacy-bundling', 'strict-peer-deps', 'package-lock', + 'save', 'omit', 'ignore-scripts', 'audit', @@ -40,19 +41,27 @@ class Update extends ArboristWorkspaceCmd { ? global : this.npm.prefix + // In the context of `npm update` the save + // config value should default to `false` + const save = this.npm.config.isDefault('save') + ? false + : this.npm.config.get('save') + if (this.npm.config.get('depth')) { log.warn('update', 'The --depth option no longer has any effect. See RFC0019.\n' + 'https://github.com/npm/rfcs/blob/latest/implemented/0019-remove-update-depth-option.md') } - const arb = new Arborist({ + const opts = { ...this.npm.flatOptions, log, path: where, + save, workspaces: this.workspaceNames, - }) + } + const arb = new Arborist(opts) - await arb.reify({ update }) + await arb.reify({ ...opts, update }) await reifyFinish(this.npm, arb) } } diff --git a/deps/npm/lib/utils/config/definitions.js b/deps/npm/lib/utils/config/definitions.js index ac8a4e2f6749d5..95d79f0f053253 100644 --- a/deps/npm/lib/utils/config/definitions.js +++ b/deps/npm/lib/utils/config/definitions.js @@ -1583,14 +1583,18 @@ define('registry', { define('save', { default: true, + defaultDescription: `\`true\` unless when using \`npm update\` or + \`npm dedupe\` where it defaults to \`false\``, usage: '-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer', type: Boolean, short: 'S', description: ` - Save installed packages to a package.json file as dependencies. + Save installed packages to a \`package.json\` file as dependencies. When used with the \`npm rm\` command, removes the dependency from - package.json. + \`package.json\`. + + Will also prevent writing to \`package-lock.json\` if set to \`false\`. `, flatten, }) diff --git a/deps/npm/lib/workspaces/get-workspaces.js b/deps/npm/lib/workspaces/get-workspaces.js index a59b5a6c54b70d..0cddae2a462f11 100644 --- a/deps/npm/lib/workspaces/get-workspaces.js +++ b/deps/npm/lib/workspaces/get-workspaces.js @@ -5,7 +5,7 @@ const rpj = require('read-package-json-fast') // Returns an Map of paths to workspaces indexed by workspace name // { foo => '/path/to/foo' } -const getWorkspaces = async (filters, { path, includeWorkspaceRoot }) => { +const getWorkspaces = async (filters, { path, includeWorkspaceRoot, relativeFrom }) => { // TODO we need a better error to be bubbled up here if this rpj call fails const pkg = await rpj(resolve(path, 'package.json')) const workspaces = await mapWorkspaces({ cwd: path, pkg }) @@ -21,8 +21,8 @@ const getWorkspaces = async (filters, { path, includeWorkspaceRoot }) => { for (const filterArg of filters) { for (const [workspaceName, workspacePath] of workspaces.entries()) { if (filterArg === workspaceName - || resolve(path, filterArg) === workspacePath - || minimatch(workspacePath, `${resolve(path, filterArg)}/*`)) { + || resolve(relativeFrom || path, filterArg) === workspacePath + || minimatch(workspacePath, `${resolve(relativeFrom || path, filterArg)}/*`)) { res.set(workspaceName, workspacePath) } } diff --git a/deps/npm/man/man1/npm-dedupe.1 b/deps/npm/man/man1/npm-dedupe.1 index 959b3ffb6d0272..cf2734ac96a6e2 100644 --- a/deps/npm/man/man1/npm-dedupe.1 +++ b/deps/npm/man/man1/npm-dedupe.1 @@ -75,6 +75,12 @@ Note that this operation transforms the dependency tree, but will never result in new modules being installed\. .P Using \fBnpm find\-dupes\fP will run the command in \fB\-\-dry\-run\fP mode\. +.P +Note that by default \fBnpm dedupe\fP will not update the semver values of direct +dependencies in your project \fBpackage\.json\fP, if you want to also update +values in \fBpackage\.json\fP you can run: \fBnpm dedupe \-\-save\fP (or add the +\fBsave=true\fP option to a npm help configuration file +to make that the default behavior)\. .SS Configuration diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1 index 2b0338e3f30867..038eb5e72ddd03 100644 --- a/deps/npm/man/man1/npm-ls.1 +++ b/deps/npm/man/man1/npm-ls.1 @@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show: .P .RS 2 .nf -npm@8\.3\.1 /path/to/npm +npm@8\.3\.2 /path/to/npm └─┬ init\-package\-json@0\.0\.4 └── promzard@0\.1\.5 .fi diff --git a/deps/npm/man/man1/npm-update.1 b/deps/npm/man/man1/npm-update.1 index b5afea48f73c6d..f4c4adf45f7f22 100644 --- a/deps/npm/man/man1/npm-update.1 +++ b/deps/npm/man/man1/npm-update.1 @@ -24,6 +24,12 @@ packages\. .P If no package name is specified, all packages in the specified location (global or local) will be updated\. +.P +Note that by default \fBnpm update\fP will not update the semver values of direct +dependencies in your project \fBpackage\.json\fP, if you want to also update +values in \fBpackage\.json\fP you can run: \fBnpm update \-\-save\fP (or add the +\fBsave=true\fP option to a npm help configuration file +to make that the default behavior)\. .SS Example .P For the examples below, assume that the current package is \fBapp\fP and it depends diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1 index 875c883fcf060e..bdb9becfe23402 100644 --- a/deps/npm/man/man1/npm.1 +++ b/deps/npm/man/man1/npm.1 @@ -10,7 +10,7 @@ npm [args] .RE .SS Version .P -8\.3\.1 +8\.3\.2 .SS Description .P npm is the package manager for the Node JavaScript platform\. It puts diff --git a/deps/npm/man/man7/config.7 b/deps/npm/man/man7/config.7 index 2e05f320075441..0e9cbcb1f2a4b2 100644 --- a/deps/npm/man/man7/config.7 +++ b/deps/npm/man/man7/config.7 @@ -1673,16 +1673,19 @@ The base URL of the npm registry\. .SS \fBsave\fP .RS 0 .IP \(bu 2 -Default: true +Default: \fBtrue\fP unless when using \fBnpm update\fP or \fBnpm dedupe\fP where it +defaults to \fBfalse\fP .IP \(bu 2 Type: Boolean .RE .P -Save installed packages to a package\.json file as dependencies\. +Save installed packages to a \fBpackage\.json\fP file as dependencies\. .P When used with the \fBnpm rm\fP command, removes the dependency from -package\.json\. +\fBpackage\.json\fP\|\. +.P +Will also prevent writing to \fBpackage\-lock\.json\fP if set to \fBfalse\fP\|\. diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js index 899d92ca937cca..f20a554bd5ee8e 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js @@ -41,7 +41,7 @@ const _complete = Symbol('complete') const _depsSeen = Symbol('depsSeen') const _depsQueue = Symbol('depsQueue') const _currentDep = Symbol('currentDep') -const _updateAll = Symbol('updateAll') +const _updateAll = Symbol.for('updateAll') const _mutateTree = Symbol('mutateTree') const _flagsSuspect = Symbol.for('flagsSuspect') const _workspaces = Symbol.for('workspaces') @@ -176,7 +176,7 @@ module.exports = cls => class IdealTreeBuilder extends cls { // public method async buildIdealTree (options = {}) { if (this.idealTree) { - return Promise.resolve(this.idealTree) + return this.idealTree } // allow the user to set reify options on the ctor as well. @@ -194,8 +194,7 @@ module.exports = cls => class IdealTreeBuilder extends cls { process.emit('time', 'idealTree') if (!options.add && !options.rm && !options.update && this[_global]) { - const er = new Error('global requires add, rm, or update option') - return Promise.reject(er) + throw new Error('global requires add, rm, or update option') } // first get the virtual tree, if possible. If there's a lockfile, then @@ -334,6 +333,7 @@ module.exports = cls => class IdealTreeBuilder extends cls { root.meta.lockfileVersion = defaultLockfileVersion } } + root.meta.inferFormattingOptions(root.package) return root }) @@ -1180,6 +1180,11 @@ This is a one-time fix-up, please be patient... return true } + // If the edge is a workspace, and it's valid, leave it alone + if (edge.to.isWorkspace) { + return false + } + // user explicitly asked to update this package by name, problem if (this[_updateNames].includes(edge.name)) { return true diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js index 547e54ac376700..d5e70323830b61 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js @@ -58,6 +58,8 @@ const _bundleUnpacked = Symbol('bundleUnpacked') const _bundleMissing = Symbol('bundleMissing') const _reifyNode = Symbol.for('reifyNode') const _extractOrLink = Symbol('extractOrLink') +const _updateAll = Symbol.for('updateAll') +const _updateNames = Symbol.for('updateNames') // defined by rebuild mixin const _checkBins = Symbol.for('checkBins') const _symlink = Symbol('symlink') @@ -1140,21 +1142,33 @@ module.exports = cls => class Reifier extends cls { // for install failures. Those still end up in the shrinkwrap, so we // save it first, then prune out the optional trash, and then return it. - // support save=false option - if (options.save === false || this[_global] || this[_dryRun]) { + const save = !(options.save === false) + + // we check for updates in order to make sure we run save ideal tree + // even though save=false since we want `npm update` to be able to + // write to package-lock files by default + const hasUpdates = this[_updateAll] || this[_updateNames].length + + // we're going to completely skip save ideal tree in case of a global or + // dry-run install and also if the save option is set to false, EXCEPT for + // update since the expected behavior for npm7+ is for update to + // NOT save to package.json, we make that exception since we still want + // saveIdealTree to be able to write the lockfile by default. + const saveIdealTree = !( + (!save && !hasUpdates) + || this[_global] + || this[_dryRun] + ) + + if (!saveIdealTree) { return false } process.emit('time', 'reify:save') const updatedTrees = new Set() - - // resolvedAdd is the list of user add requests, but with names added - // to things like git repos and tarball file/urls. However, if the - // user requested 'foo@', and we have a foo@file:../foo, then we should - // end up saving the spec we actually used, not whatever they gave us. - if (this[_resolvedAdd].length) { - for (const { name, tree: addTree } of this[_resolvedAdd]) { + const updateNodes = nodes => { + for (const { name, tree: addTree } of nodes) { // addTree either the root, or a workspace const edge = addTree.edgesOut.get(name) const pkg = addTree.package @@ -1168,7 +1182,7 @@ module.exports = cls => class Reifier extends cls { // that we couldn't resolve, this MAY be missing. if we haven't // blown up by now, it's because it was not a problem, though, so // just move on. - if (!child) { + if (!child || !addTree.isTop) { continue } @@ -1259,6 +1273,63 @@ module.exports = cls => class Reifier extends cls { } } + // helper that retrieves an array of nodes that were + // potentially updated during the reify process, in order + // to limit the number of nodes to check and update, only + // select nodes from the inventory that are direct deps + // of a given package.json (project root or a workspace) + // and in ase of using a list of `names`, restrict nodes + // to only names that are found in this list + const retrieveUpdatedNodes = names => { + const filterDirectDependencies = node => + !node.isRoot && node.resolveParent.isRoot + && (!names || names.includes(node.name)) + const directDeps = this.idealTree.inventory + .filter(filterDirectDependencies) + + // traverses the list of direct dependencies and collect all nodes + // to be updated, since any of them might have changed during reify + const nodes = [] + for (const node of directDeps) { + for (const edgeIn of node.edgesIn) { + nodes.push({ + name: node.name, + tree: edgeIn.from.target, + }) + } + } + return nodes + } + + if (save) { + // when using update all alongside with save, we'll make + // sure to refresh every dependency of the root idealTree + if (this[_updateAll]) { + const nodes = retrieveUpdatedNodes() + updateNodes(nodes) + } else { + // resolvedAdd is the list of user add requests, but with names added + // to things like git repos and tarball file/urls. However, if the + // user requested 'foo@', and we have a foo@file:../foo, then we should + // end up saving the spec we actually used, not whatever they gave us. + if (this[_resolvedAdd].length) { + updateNodes(this[_resolvedAdd]) + } + + // if updating given dependencies by name, restrict the list of + // nodes to check to only those currently in _updateNames + if (this[_updateNames].length) { + const nodes = retrieveUpdatedNodes(this[_updateNames]) + updateNodes(nodes) + } + + // grab any from explicitRequests that had deps removed + for (const { from: tree } of this.explicitRequests) { + updatedTrees.add(tree) + } + } + } + // preserve indentation, if possible const { [Symbol.for('indent')]: indent, @@ -1291,15 +1362,12 @@ module.exports = cls => class Reifier extends cls { await pkgJson.save() } - // grab any from explicitRequests that had deps removed - for (const { from: tree } of this.explicitRequests) { - updatedTrees.add(tree) - } - - for (const tree of updatedTrees) { - // refresh the edges so they have the correct specs - tree.package = tree.package - promises.push(updatePackageJson(tree)) + if (save) { + for (const tree of updatedTrees) { + // refresh the edges so they have the correct specs + tree.package = tree.package + promises.push(updatePackageJson(tree)) + } } await Promise.all(promises) diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js b/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js index a7a68c98c6d6d1..b45fea0ac61112 100644 --- a/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js +++ b/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js @@ -424,6 +424,18 @@ class Shrinkwrap { .map(fn => fn && maybeStatFile(fn))) } + inferFormattingOptions (packageJSONData) { + // don't use detect-indent, just pick the first line. + // if the file starts with {" then we have an indent of '', ie, none + // which will default to 2 at save time. + const { + [Symbol.for('indent')]: indent, + [Symbol.for('newline')]: newline, + } = packageJSONData + this.indent = indent !== undefined ? indent : this.indent + this.newline = newline !== undefined ? newline : this.newline + } + load () { // we don't need to load package-lock.json except for top of tree nodes, // only npm-shrinkwrap.json. @@ -451,15 +463,7 @@ class Shrinkwrap { return data ? parseJSON(data) : {} }).then(async data => { - // don't use detect-indent, just pick the first line. - // if the file starts with {" then we have an indent of '', ie, none - // which will default to 2 at save time. - const { - [Symbol.for('indent')]: indent, - [Symbol.for('newline')]: newline, - } = data - this.indent = indent !== undefined ? indent : this.indent - this.newline = newline !== undefined ? newline : this.newline + this.inferFormattingOptions(data) if (!this.hiddenLockfile || !data.packages) { return data diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json index ac2922bc9655d5..493a0a78c5c465 100644 --- a/deps/npm/node_modules/@npmcli/arborist/package.json +++ b/deps/npm/node_modules/@npmcli/arborist/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/arborist", - "version": "4.2.0", + "version": "4.2.1", "description": "Manage node_modules trees", "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", @@ -12,7 +12,7 @@ "@npmcli/node-gyp": "^1.0.3", "@npmcli/package-json": "^1.0.1", "@npmcli/run-script": "^2.0.0", - "bin-links": "^2.3.0", + "bin-links": "^3.0.0", "cacache": "^15.0.3", "common-ancestor-path": "^1.0.1", "json-parse-even-better-errors": "^2.3.1", diff --git a/deps/npm/node_modules/bin-links/lib/bin-target.js b/deps/npm/node_modules/bin-links/lib/bin-target.js index 7ea0c2a96ed686..0629285d5144c4 100644 --- a/deps/npm/node_modules/bin-links/lib/bin-target.js +++ b/deps/npm/node_modules/bin-links/lib/bin-target.js @@ -1,9 +1,9 @@ const isWindows = require('./is-windows.js') const getPrefix = require('./get-prefix.js') const getNodeModules = require('./get-node-modules.js') -const {dirname} = require('path') +const { dirname } = require('path') -module.exports = ({top, path}) => +module.exports = ({ top, path }) => !top ? getNodeModules(path) + '/.bin' - : isWindows ? getPrefix(path) - : dirname(getPrefix(path)) + '/bin' + : isWindows ? getPrefix(path) + : dirname(getPrefix(path)) + '/bin' diff --git a/deps/npm/node_modules/bin-links/lib/check-bin.js b/deps/npm/node_modules/bin-links/lib/check-bin.js index 45eec8affc92a9..8bbe45188a479c 100644 --- a/deps/npm/node_modules/bin-links/lib/check-bin.js +++ b/deps/npm/node_modules/bin-links/lib/check-bin.js @@ -2,53 +2,56 @@ // either rejects or resolves to nothing. return value not relevant. const isWindows = require('./is-windows.js') const binTarget = require('./bin-target.js') -const {resolve, dirname} = require('path') +const { resolve, dirname } = require('path') const readCmdShim = require('read-cmd-shim') const fs = require('fs') -const {promisify} = require('util') +const { promisify } = require('util') const readlink = promisify(fs.readlink) -const checkBin = async ({bin, path, top, global, force}) => { +const checkBin = async ({ bin, path, top, global, force }) => { // always ok to clobber when forced // always ok to clobber local bins, or when forced - if (force || !global || !top) + if (force || !global || !top) { return + } // ok, need to make sure, then - const target = resolve(binTarget({path, top}), bin) + const target = resolve(binTarget({ path, top }), bin) path = resolve(path) - return isWindows ? checkShim({target, path}) : checkLink({target, path}) + return isWindows ? checkShim({ target, path }) : checkLink({ target, path }) } // only enoent is allowed. anything else is a problem. -const handleReadLinkError = async ({er, target}) => +const handleReadLinkError = async ({ er, target }) => er.code === 'ENOENT' ? null - : failEEXIST({target}) + : failEEXIST({ target }) -const checkLink = async ({target, path}) => { +const checkLink = async ({ target, path }) => { const current = await readlink(target) - .catch(er => handleReadLinkError({er, target})) + .catch(er => handleReadLinkError({ er, target })) - if (!current) + if (!current) { return + } const resolved = resolve(dirname(target), current) - if (resolved.toLowerCase().indexOf(path.toLowerCase()) !== 0) - return failEEXIST({target}) + if (resolved.toLowerCase().indexOf(path.toLowerCase()) !== 0) { + return failEEXIST({ target }) + } } -const handleReadCmdShimError = ({er, target}) => +const handleReadCmdShimError = ({ er, target }) => er.code === 'ENOENT' ? null - : failEEXIST({target}) + : failEEXIST({ target }) -const failEEXIST = ({target}) => +const failEEXIST = ({ target }) => Promise.reject(Object.assign(new Error('EEXIST: file already exists'), { path: target, code: 'EEXIST', })) -const checkShim = async ({target, path}) => { +const checkShim = async ({ target, path }) => { const shims = [ target, target + '.cmd', @@ -56,15 +59,17 @@ const checkShim = async ({target, path}) => { ] await Promise.all(shims.map(async target => { const current = await readCmdShim(target) - .catch(er => handleReadCmdShimError({er, target})) + .catch(er => handleReadCmdShimError({ er, target })) - if (!current) + if (!current) { return + } const resolved = resolve(dirname(target), current.replace(/\\/g, '/')) - if (resolved.toLowerCase().indexOf(path.toLowerCase()) !== 0) - return failEEXIST({target}) + if (resolved.toLowerCase().indexOf(path.toLowerCase()) !== 0) { + return failEEXIST({ target }) + } })) } diff --git a/deps/npm/node_modules/bin-links/lib/check-bins.js b/deps/npm/node_modules/bin-links/lib/check-bins.js index 0addbffe55abb0..76a683c91d7c22 100644 --- a/deps/npm/node_modules/bin-links/lib/check-bins.js +++ b/deps/npm/node_modules/bin-links/lib/check-bins.js @@ -3,14 +3,16 @@ const normalize = require('npm-normalize-package-bin') const checkBins = async ({ pkg, path, top, global, force }) => { // always ok to clobber when forced // always ok to clobber local bins, or when forced - if (force || !global || !top) + if (force || !global || !top) { return + } pkg = normalize(pkg) - if (!pkg.bin) + if (!pkg.bin) { return + } await Promise.all(Object.keys(pkg.bin) - .map(bin => checkBin({bin, path, top, global, force}))) + .map(bin => checkBin({ bin, path, top, global, force }))) } module.exports = checkBins diff --git a/deps/npm/node_modules/bin-links/lib/get-node-modules.js b/deps/npm/node_modules/bin-links/lib/get-node-modules.js index b67c198eff3485..5c16b3b8afbfb5 100644 --- a/deps/npm/node_modules/bin-links/lib/get-node-modules.js +++ b/deps/npm/node_modules/bin-links/lib/get-node-modules.js @@ -2,12 +2,13 @@ // {prefix}/node_modules/{name}. Can't rely on pkg.name, because // it might be installed as an alias. -const {dirname, basename} = require('path') +const { dirname, basename } = require('path') // this gets called a lot and can't change, so memoize it const memo = new Map() module.exports = path => { - if (memo.has(path)) + if (memo.has(path)) { return memo.get(path) + } const scopeOrNm = dirname(path) const nm = basename(scopeOrNm) === 'node_modules' ? scopeOrNm diff --git a/deps/npm/node_modules/bin-links/lib/get-paths.js b/deps/npm/node_modules/bin-links/lib/get-paths.js index 614c85652a1aa9..631aef9f9117f5 100644 --- a/deps/npm/node_modules/bin-links/lib/get-paths.js +++ b/deps/npm/node_modules/bin-links/lib/get-paths.js @@ -3,14 +3,15 @@ // are present, then we can assume that they're associated. const binTarget = require('./bin-target.js') const manTarget = require('./man-target.js') -const {resolve, basename} = require('path') +const { resolve, basename } = require('path') const isWindows = require('./is-windows.js') -module.exports = ({path, pkg, global, top}) => { - if (top && !global) +module.exports = ({ path, pkg, global, top }) => { + if (top && !global) { return [] + } const binSet = [] - const binTarg = binTarget({path, top}) + const binTarg = binTarget({ path, top }) if (pkg.bin) { for (const bin of Object.keys(pkg.bin)) { const b = resolve(binTarg, bin) @@ -22,14 +23,15 @@ module.exports = ({path, pkg, global, top}) => { } } - const manTarg = manTarget({path, top}) + const manTarg = manTarget({ path, top }) const manSet = [] if (manTarg && pkg.man && Array.isArray(pkg.man) && pkg.man.length) { for (const man of pkg.man) { const parseMan = man.match(/(.*\.([0-9]+)(\.gz)?)$/) // invalid entries invalidate the entire man set - if (!parseMan) + if (!parseMan) { return binSet + } const stem = parseMan[1] const sxn = parseMan[2] @@ -37,8 +39,9 @@ module.exports = ({path, pkg, global, top}) => { const absFrom = resolve(path, man) /* istanbul ignore if - should be impossible */ - if (absFrom.indexOf(path) !== 0) + if (absFrom.indexOf(path) !== 0) { return binSet + } manSet.push(resolve(manTarg, 'man' + sxn, base)) } diff --git a/deps/npm/node_modules/bin-links/lib/get-prefix.js b/deps/npm/node_modules/bin-links/lib/get-prefix.js index 96112bf0a2b979..d5cf9c9d01c202 100644 --- a/deps/npm/node_modules/bin-links/lib/get-prefix.js +++ b/deps/npm/node_modules/bin-links/lib/get-prefix.js @@ -1,3 +1,3 @@ -const {dirname} = require('path') +const { dirname } = require('path') const getNodeModules = require('./get-node-modules.js') module.exports = path => dirname(getNodeModules(path)) diff --git a/deps/npm/node_modules/bin-links/index.js b/deps/npm/node_modules/bin-links/lib/index.js similarity index 70% rename from deps/npm/node_modules/bin-links/index.js rename to deps/npm/node_modules/bin-links/lib/index.js index 2e8519737220a2..ab3bd13c0be6b3 100644 --- a/deps/npm/node_modules/bin-links/index.js +++ b/deps/npm/node_modules/bin-links/lib/index.js @@ -1,5 +1,5 @@ -const linkBins = require('./lib/link-bins.js') -const linkMans = require('./lib/link-mans.js') +const linkBins = require('./link-bins.js') +const linkMans = require('./link-mans.js') const binLinks = opts => { const { path, pkg, force, global, top } = opts @@ -14,27 +14,28 @@ const binLinks = opts => { // non-global top pkgs don't have any bins or mans linked. From here on // out, if it's top, we know that it's global, so no need to pass that // option further down the stack. - if (top && !global) + if (top && !global) { return Promise.resolve() + } return Promise.all([ // allow clobbering within the local node_modules/.bin folder. // only global bins are protected in this way, or else it is // yet another vector for excessive dependency conflicts. - linkBins({path, pkg, top, force: force || !top}), - linkMans({path, pkg, top, force}), + linkBins({ path, pkg, top, force: force || !top }), + linkMans({ path, pkg, top, force }), ]) } -const shimBin = require('./lib/shim-bin.js') -const linkGently = require('./lib/link-gently.js') +const shimBin = require('./shim-bin.js') +const linkGently = require('./link-gently.js') const resetSeen = () => { shimBin.resetSeen() linkGently.resetSeen() } -const checkBins = require('./lib/check-bins.js') -const getPaths = require('./lib/get-paths.js') +const checkBins = require('./check-bins.js') +const getPaths = require('./get-paths.js') module.exports = Object.assign(binLinks, { checkBins, diff --git a/deps/npm/node_modules/bin-links/lib/link-bin.js b/deps/npm/node_modules/bin-links/lib/link-bin.js index 4c0bde489348a1..fb579350994d03 100644 --- a/deps/npm/node_modules/bin-links/lib/link-bin.js +++ b/deps/npm/node_modules/bin-links/lib/link-bin.js @@ -2,8 +2,8 @@ const linkGently = require('./link-gently.js') const fixBin = require('./fix-bin.js') // linking bins is simple. just symlink, and if we linked it, fix the bin up -const linkBin = ({path, to, from, absFrom, force}) => - linkGently({path, to, from, absFrom, force}) +const linkBin = ({ path, to, from, absFrom, force }) => + linkGently({ path, to, from, absFrom, force }) .then(linked => linked && fixBin(absFrom)) module.exports = linkBin diff --git a/deps/npm/node_modules/bin-links/lib/link-bins.js b/deps/npm/node_modules/bin-links/lib/link-bins.js index 6a1086b92b2649..9bf7d72117fbbe 100644 --- a/deps/npm/node_modules/bin-links/lib/link-bins.js +++ b/deps/npm/node_modules/bin-links/lib/link-bins.js @@ -4,17 +4,18 @@ const { dirname, resolve, relative } = require('path') const linkBin = isWindows ? require('./shim-bin.js') : require('./link-bin.js') const normalize = require('npm-normalize-package-bin') -const linkBins = ({path, pkg, top, force}) => { +const linkBins = ({ path, pkg, top, force }) => { pkg = normalize(pkg) - if (!pkg.bin) + if (!pkg.bin) { return Promise.resolve([]) + } const promises = [] - const target = binTarget({path, top}) + const target = binTarget({ path, top }) for (const [key, val] of Object.entries(pkg.bin)) { const to = resolve(target, key) const absFrom = resolve(path, val) const from = relative(dirname(to), absFrom) - promises.push(linkBin({path, from, to, absFrom, force})) + promises.push(linkBin({ path, from, to, absFrom, force })) } return Promise.all(promises) } diff --git a/deps/npm/node_modules/bin-links/lib/link-gently.js b/deps/npm/node_modules/bin-links/lib/link-gently.js index 6a6e555de7cf52..671ce38a586e7d 100644 --- a/deps/npm/node_modules/bin-links/lib/link-gently.js +++ b/deps/npm/node_modules/bin-links/lib/link-gently.js @@ -11,7 +11,11 @@ const fs = require('fs') const symlink = promisify(fs.symlink) const readlink = promisify(fs.readlink) const lstat = promisify(fs.lstat) -const throwNonEnoent = er => { if (er.code !== 'ENOENT') throw er } +const throwNonEnoent = er => { + if (er.code !== 'ENOENT') { + throw er + } +} // even in --force mode, we never create a link over a link we've // already created. you can have multiple packages in a tree trying @@ -24,11 +28,12 @@ const rimraf = promisify(require('rimraf')) const rm = path => rimraf(path, { glob: false }) const SKIP = Symbol('skip - missing or already installed') -const CLOBBER = Symbol('clobber - ours or in forceful mode') +const CLOBBER = Symbol('clobber - ours or in forceful mode') -const linkGently = async ({path, to, from, absFrom, force}) => { - if (seen.has(to)) +const linkGently = async ({ path, to, from, absFrom, force }) => { + if (seen.has(to)) { return true + } seen.add(to) // if the script or manpage isn't there, just ignore it. @@ -40,36 +45,42 @@ const linkGently = async ({path, to, from, absFrom, force}) => { lstat(to).catch(throwNonEnoent), ]).then(([stFrom, stTo]) => { // not present in package, skip it - if (!stFrom) + if (!stFrom) { return SKIP + } // exists! maybe clobber if we can if (stTo) { - if (!stTo.isSymbolicLink()) + if (!stTo.isSymbolicLink()) { return force && rm(to).then(() => CLOBBER) + } return readlink(to).then(target => { - if (target === from) - return SKIP // skip it, already set up like we want it. + if (target === from) { + return SKIP + } // skip it, already set up like we want it. target = resolve(dirname(to), target) - if (target.indexOf(path) === 0 || force) + if (target.indexOf(path) === 0 || force) { return rm(to).then(() => CLOBBER) + } }) } else { // doesn't exist, dir might not either return mkdirp(dirname(to)) } }) - .then(skipOrClobber => { - if (skipOrClobber === SKIP) - return false - return symlink(from, to, 'file').catch(er => { - if (skipOrClobber === CLOBBER || force) - return rm(to).then(() => symlink(from, to, 'file')) - throw er - }).then(() => true) - }) + .then(skipOrClobber => { + if (skipOrClobber === SKIP) { + return false + } + return symlink(from, to, 'file').catch(er => { + if (skipOrClobber === CLOBBER || force) { + return rm(to).then(() => symlink(from, to, 'file')) + } + throw er + }).then(() => true) + }) } const resetSeen = () => { diff --git a/deps/npm/node_modules/bin-links/lib/link-mans.js b/deps/npm/node_modules/bin-links/lib/link-mans.js index 6fb167e480a740..54b17d1fc16d4f 100644 --- a/deps/npm/node_modules/bin-links/lib/link-mans.js +++ b/deps/npm/node_modules/bin-links/lib/link-mans.js @@ -2,10 +2,11 @@ const { dirname, relative, join, resolve, basename } = require('path') const linkGently = require('./link-gently.js') const manTarget = require('./man-target.js') -const linkMans = ({path, pkg, top, force}) => { - const target = manTarget({path, top}) - if (!target || !pkg.man || !Array.isArray(pkg.man) || !pkg.man.length) +const linkMans = ({ path, pkg, top, force }) => { + const target = manTarget({ path, top }) + if (!target || !pkg.man || !Array.isArray(pkg.man) || !pkg.man.length) { return Promise.resolve([]) + } // break any links to c:\\blah or /foo/blah or ../blah // and filter out duplicates @@ -44,7 +45,7 @@ const linkMans = ({path, pkg, top, force}) => { const to = resolve(target, 'man' + sxn, base) const from = relative(dirname(to), absFrom) - return linkGently({from, to, path, absFrom, force}) + return linkGently({ from, to, path, absFrom, force }) })) } diff --git a/deps/npm/node_modules/bin-links/lib/man-target.js b/deps/npm/node_modules/bin-links/lib/man-target.js index 832d2ea35e43cf..efe66f38a5543f 100644 --- a/deps/npm/node_modules/bin-links/lib/man-target.js +++ b/deps/npm/node_modules/bin-links/lib/man-target.js @@ -1,6 +1,6 @@ const isWindows = require('./is-windows.js') const getPrefix = require('./get-prefix.js') -const {dirname} = require('path') +const { dirname } = require('path') -module.exports = ({top, path}) => !top || isWindows ? null +module.exports = ({ top, path }) => !top || isWindows ? null : dirname(getPrefix(path)) + '/share/man' diff --git a/deps/npm/node_modules/bin-links/lib/shim-bin.js b/deps/npm/node_modules/bin-links/lib/shim-bin.js index f2dfd7a7825d1e..70259a49e5b0c0 100644 --- a/deps/npm/node_modules/bin-links/lib/shim-bin.js +++ b/deps/npm/node_modules/bin-links/lib/shim-bin.js @@ -2,7 +2,11 @@ const { promisify } = require('util') const { resolve, dirname } = require('path') const fs = require('fs') const lstat = promisify(fs.lstat) -const throwNonEnoent = er => { if (er.code !== 'ENOENT') throw er } +const throwNonEnoent = er => { + if (er.code !== 'ENOENT') { + throw er + } +} const cmdShim = require('cmd-shim') const readCmdShim = require('read-cmd-shim') @@ -15,20 +19,20 @@ const fixBin = require('./fix-bin.js') // nondeterminism. const seen = new Set() -const failEEXIST = ({path, to, from}) => +const failEEXIST = ({ path, to, from }) => Promise.reject(Object.assign(new Error('EEXIST: file already exists'), { path: to, dest: from, code: 'EEXIST', })) -const handleReadCmdShimError = ({er, from, to}) => +const handleReadCmdShimError = ({ er, from, to }) => er.code === 'ENOENT' ? null - : er.code === 'ENOTASHIM' ? failEEXIST({from, to}) + : er.code === 'ENOTASHIM' ? failEEXIST({ from, to }) : Promise.reject(er) const SKIP = Symbol('skip - missing or already installed') -const shimBin = ({path, to, from, absFrom, force}) => { +const shimBin = ({ path, to, from, absFrom, force }) => { const shims = [ to, to + '.cmd', @@ -36,8 +40,9 @@ const shimBin = ({path, to, from, absFrom, force}) => { ] for (const shim of shims) { - if (seen.has(shim)) + if (seen.has(shim)) { return true + } seen.add(shim) } @@ -45,30 +50,29 @@ const shimBin = ({path, to, from, absFrom, force}) => { ...shims, absFrom, ].map(f => lstat(f).catch(throwNonEnoent))).then((stats) => { - const [ - stToBase, - stToCmd, - stToPs1, - stFrom, - ] = stats - if (!stFrom) + const [, , , stFrom] = stats + if (!stFrom) { return SKIP + } - if (force) + if (force) { return + } return Promise.all(shims.map((s, i) => [s, stats[i]]).map(([s, st]) => { - if (!st) + if (!st) { return + } return readCmdShim(s) .then(target => { target = resolve(dirname(to), target) - if (target.indexOf(resolve(path)) !== 0) - return failEEXIST({from, to, path}) - }, er => handleReadCmdShimError({er, from, to})) + if (target.indexOf(resolve(path)) !== 0) { + return failEEXIST({ from, to, path }) + } + }, er => handleReadCmdShimError({ er, from, to })) })) }) - .then(skip => skip !== SKIP && doShim(absFrom, to)) + .then(skip => skip !== SKIP && doShim(absFrom, to)) } const doShim = (absFrom, to) => diff --git a/deps/npm/node_modules/bin-links/package.json b/deps/npm/node_modules/bin-links/package.json index 8293d77d1a85af..0325ab4437656d 100644 --- a/deps/npm/node_modules/bin-links/package.json +++ b/deps/npm/node_modules/bin-links/package.json @@ -1,14 +1,18 @@ { "name": "bin-links", - "version": "2.3.0", + "version": "3.0.0", "description": "JavaScript package binary linker", - "main": "index.js", + "main": "./lib/index.js", "scripts": { - "preversion": "npm t", + "preversion": "npm test", "postversion": "npm publish", - "prepublishOnly": "git push --follow-tags", + "prepublishOnly": "git push origin --follow-tags", "snap": "tap", - "test": "tap" + "test": "tap", + "lint": "eslint '**/*.js'", + "postlint": "npm-template-check", + "lintfix": "npm run lint -- --fix", + "posttest": "npm run lint" }, "repository": { "type": "git", @@ -26,9 +30,10 @@ "npm-normalize-package-bin": "^1.0.0", "read-cmd-shim": "^2.0.0", "rimraf": "^3.0.0", - "write-file-atomic": "^3.0.3" + "write-file-atomic": "^4.0.0" }, "devDependencies": { + "@npmcli/template-oss": "^2.5.0", "mkdirp": "^1.0.3", "require-inject": "^1.4.4", "tap": "^15.0.10" @@ -38,10 +43,15 @@ "coverage-map": "map.js" }, "files": [ - "index.js", - "lib/*.js" + "bin", + "lib" ], "engines": { - "node": ">=10" + "node": "^12.13.0 || ^14.15.0 || >=16" + }, + "author": "GitHub Inc.", + "templateOSS": { + "windowsCI": false, + "version": "2.5.0" } } diff --git a/deps/npm/node_modules/libnpmexec/package.json b/deps/npm/node_modules/libnpmexec/package.json index 8c8812a651a053..ff728b5473bc96 100644 --- a/deps/npm/node_modules/libnpmexec/package.json +++ b/deps/npm/node_modules/libnpmexec/package.json @@ -46,7 +46,7 @@ }, "devDependencies": { "@npmcli/template-oss": "^2.4.2", - "bin-links": "^2.2.1", + "bin-links": "^3.0.0", "tap": "^15.0.6" }, "dependencies": { diff --git a/deps/npm/node_modules/typedarray-to-buffer/.airtap.yml b/deps/npm/node_modules/typedarray-to-buffer/.airtap.yml deleted file mode 100644 index 3417780255e8e2..00000000000000 --- a/deps/npm/node_modules/typedarray-to-buffer/.airtap.yml +++ /dev/null @@ -1,15 +0,0 @@ -sauce_connect: true -loopback: airtap.local -browsers: - - name: chrome - version: latest - - name: firefox - version: latest - - name: safari - version: latest - - name: microsoftedge - version: latest - - name: ie - version: latest - - name: iphone - version: latest diff --git a/deps/npm/node_modules/typedarray-to-buffer/index.js b/deps/npm/node_modules/typedarray-to-buffer/index.js index 5fa394dd201d2e..fd1e192b2656b1 100644 --- a/deps/npm/node_modules/typedarray-to-buffer/index.js +++ b/deps/npm/node_modules/typedarray-to-buffer/index.js @@ -1,3 +1,4 @@ +/*! typedarray-to-buffer. MIT License. Feross Aboukhadijeh */ /** * Convert a typed array to a Buffer without a copy * @@ -7,19 +8,11 @@ * `npm install typedarray-to-buffer` */ -var isTypedArray = require('is-typedarray').strict - module.exports = function typedarrayToBuffer (arr) { - if (isTypedArray(arr)) { - // To avoid a copy, use the typed array's underlying ArrayBuffer to back new Buffer - var buf = Buffer.from(arr.buffer) - if (arr.byteLength !== arr.buffer.byteLength) { - // Respect the "view", i.e. byteOffset and byteLength, without doing a copy - buf = buf.slice(arr.byteOffset, arr.byteOffset + arr.byteLength) - } - return buf - } else { + return ArrayBuffer.isView(arr) + // To avoid a copy, use the typed array's underlying ArrayBuffer to back + // new Buffer, respecting the "view", i.e. byteOffset and byteLength + ? Buffer.from(arr.buffer, arr.byteOffset, arr.byteLength) // Pass through all other types to `Buffer.from` - return Buffer.from(arr) - } + : Buffer.from(arr) } diff --git a/deps/npm/node_modules/typedarray-to-buffer/package.json b/deps/npm/node_modules/typedarray-to-buffer/package.json index 5ec5656157991e..502a322c6d7460 100644 --- a/deps/npm/node_modules/typedarray-to-buffer/package.json +++ b/deps/npm/node_modules/typedarray-to-buffer/package.json @@ -1,22 +1,20 @@ { "name": "typedarray-to-buffer", "description": "Convert a typed array to a Buffer without a copy", - "version": "3.1.5", + "version": "4.0.0", "author": { "name": "Feross Aboukhadijeh", "email": "feross@feross.org", - "url": "http://feross.org/" + "url": "https://feross.org" }, "bugs": { "url": "https://github.com/feross/typedarray-to-buffer/issues" }, - "dependencies": { - "is-typedarray": "^1.0.0" - }, + "dependencies": {}, "devDependencies": { - "airtap": "0.0.4", + "airtap": "^3.0.0", "standard": "*", - "tape": "^4.0.0" + "tape": "^5.0.1" }, "homepage": "http://feross.org", "keywords": [ @@ -46,5 +44,19 @@ "test-browser": "airtap -- test/*.js", "test-browser-local": "airtap --local -- test/*.js", "test-node": "tape test/*.js" - } + }, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] } diff --git a/deps/npm/node_modules/typedarray-to-buffer/test/basic.js b/deps/npm/node_modules/typedarray-to-buffer/test/basic.js deleted file mode 100644 index 352109682f5c12..00000000000000 --- a/deps/npm/node_modules/typedarray-to-buffer/test/basic.js +++ /dev/null @@ -1,50 +0,0 @@ -var test = require('tape') -var toBuffer = require('../') - -test('convert to buffer from Uint8Array', function (t) { - if (typeof Uint8Array !== 'undefined') { - var arr = new Uint8Array([1, 2, 3]) - arr = toBuffer(arr) - - t.deepEqual(arr, Buffer.from([1, 2, 3]), 'contents equal') - t.ok(Buffer.isBuffer(arr), 'is buffer') - t.equal(arr.readUInt8(0), 1) - t.equal(arr.readUInt8(1), 2) - t.equal(arr.readUInt8(2), 3) - } else { - t.pass('browser lacks Uint8Array support, skip test') - } - t.end() -}) - -test('convert to buffer from another arrayview type (Uint32Array)', function (t) { - if (typeof Uint32Array !== 'undefined' && Buffer.TYPED_ARRAY_SUPPORT !== false) { - var arr = new Uint32Array([1, 2, 3]) - arr = toBuffer(arr) - - t.deepEqual(arr, Buffer.from([1, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0]), 'contents equal') - t.ok(Buffer.isBuffer(arr), 'is buffer') - t.equal(arr.readUInt32LE(0), 1) - t.equal(arr.readUInt32LE(4), 2) - t.equal(arr.readUInt32LE(8), 3) - t.equal(arr instanceof Uint8Array, true) - } else { - t.pass('browser lacks Uint32Array support, skip test') - } - t.end() -}) - -test('convert to buffer from ArrayBuffer', function (t) { - if (typeof Uint32Array !== 'undefined' && Buffer.TYPED_ARRAY_SUPPORT !== false) { - var arr = new Uint32Array([1, 2, 3]).subarray(1, 2) - arr = toBuffer(arr) - - t.deepEqual(arr, Buffer.from([2, 0, 0, 0]), 'contents equal') - t.ok(Buffer.isBuffer(arr), 'is buffer') - t.equal(arr.readUInt32LE(0), 2) - t.equal(arr instanceof Uint8Array, true) - } else { - t.pass('browser lacks ArrayBuffer support, skip test') - } - t.end() -}) diff --git a/deps/npm/node_modules/write-file-atomic/LICENSE b/deps/npm/node_modules/write-file-atomic/LICENSE.md similarity index 99% rename from deps/npm/node_modules/write-file-atomic/LICENSE rename to deps/npm/node_modules/write-file-atomic/LICENSE.md index 95e65a7706e0e9..af4588069db82d 100644 --- a/deps/npm/node_modules/write-file-atomic/LICENSE +++ b/deps/npm/node_modules/write-file-atomic/LICENSE.md @@ -3,4 +3,3 @@ Copyright (c) 2015, Rebecca Turner Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - diff --git a/deps/npm/node_modules/write-file-atomic/index.js b/deps/npm/node_modules/write-file-atomic/lib/index.js similarity index 94% rename from deps/npm/node_modules/write-file-atomic/index.js rename to deps/npm/node_modules/write-file-atomic/lib/index.js index df5b72a14f74a4..9a7d183aecb4c6 100644 --- a/deps/npm/node_modules/write-file-atomic/index.js +++ b/deps/npm/node_modules/write-file-atomic/lib/index.js @@ -48,10 +48,14 @@ function cleanupOnExit (tmpfile) { function serializeActiveFile (absoluteName) { return new Promise(resolve => { // make a queue if it doesn't already exist - if (!activeFiles[absoluteName]) activeFiles[absoluteName] = [] + if (!activeFiles[absoluteName]) { + activeFiles[absoluteName] = [] + } activeFiles[absoluteName].push(resolve) // add this job to the queue - if (activeFiles[absoluteName].length === 1) resolve() // kick off the first one + if (activeFiles[absoluteName].length === 1) { + resolve() + } // kick off the first one }) } @@ -151,7 +155,9 @@ async function writeFileAsync (filename, data, options = {}) { activeFiles[absoluteName].shift() // remove the element added by serializeSameFile if (activeFiles[absoluteName].length > 0) { activeFiles[absoluteName][0]() // start next job if one is pending - } else delete activeFiles[absoluteName] + } else { + delete activeFiles[absoluteName] + } } } @@ -170,8 +176,11 @@ function writeFile (filename, data, options, callback) { } function writeFileSync (filename, data, options) { - if (typeof options === 'string') options = { encoding: options } - else if (!options) options = {} + if (typeof options === 'string') { + options = { encoding: options } + } else if (!options) { + options = {} + } try { filename = fs.realpathSync(filename) } catch (ex) { diff --git a/deps/npm/node_modules/write-file-atomic/package.json b/deps/npm/node_modules/write-file-atomic/package.json index 98a29a053453a6..031eccdba87071 100644 --- a/deps/npm/node_modules/write-file-atomic/package.json +++ b/deps/npm/node_modules/write-file-atomic/package.json @@ -1,16 +1,18 @@ { "name": "write-file-atomic", - "version": "3.0.3", + "version": "4.0.0", "description": "Write files in an atomic fashion w/configurable ownership", - "main": "index.js", + "main": "./lib/index.js", "scripts": { "test": "tap", "posttest": "npm run lint", - "lint": "standard", - "postlint": "rimraf chowncopy good nochmod nochown nofsync nofsyncopt noopen norename \"norename nounlink\" nowrite", + "lint": "eslint '**/*.js'", + "postlint": "npm-template-check", "preversion": "npm test", "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags" + "prepublishOnly": "git push origin --follow-tags", + "lintfix": "npm run lint -- --fix", + "snap": "tap" }, "repository": { "type": "git", @@ -20,7 +22,7 @@ "writeFile", "atomic" ], - "author": "Rebecca Turner (http://re-becca.org)", + "author": "GitHub Inc.", "license": "ISC", "bugs": { "url": "https://github.com/npm/write-file-atomic/issues" @@ -30,19 +32,23 @@ "imurmurhash": "^0.1.4", "is-typedarray": "^1.0.0", "signal-exit": "^3.0.2", - "typedarray-to-buffer": "^3.1.5" + "typedarray-to-buffer": "^4.0.0" }, "devDependencies": { - "mkdirp": "^0.5.1", - "require-inject": "^1.4.4", - "rimraf": "^2.6.3", - "standard": "^14.3.1", - "tap": "^14.10.6" + "@npmcli/template-oss": "^2.5.1", + "mkdirp": "^1.0.4", + "rimraf": "^3.0.2", + "tap": "^15.1.6" }, "files": [ - "index.js" + "bin", + "lib" ], - "tap": { - "100": true + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16" + }, + "templateOSS": { + "windowsCI": false, + "version": "2.5.1" } } diff --git a/deps/npm/package.json b/deps/npm/package.json index a4a5fcc6e8d4db..508f6158471235 100644 --- a/deps/npm/package.json +++ b/deps/npm/package.json @@ -1,5 +1,5 @@ { - "version": "8.3.1", + "version": "8.3.2", "name": "npm", "description": "a package manager for JavaScript", "workspaces": [ @@ -55,7 +55,7 @@ }, "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/arborist": "^4.2.0", + "@npmcli/arborist": "^4.2.1", "@npmcli/ci-detect": "^1.4.0", "@npmcli/config": "^2.4.0", "@npmcli/map-workspaces": "^2.0.0", @@ -124,7 +124,7 @@ "treeverse": "^1.0.4", "validate-npm-package-name": "~3.0.0", "which": "^2.0.2", - "write-file-atomic": "^3.0.3" + "write-file-atomic": "^4.0.0" }, "bundleDependencies": [ "@isaacs/string-locale-compare", diff --git a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs index 6efecf2089e831..e7142c24923224 100644 --- a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs @@ -170,6 +170,7 @@ npm dedupe Options: [--global-style] [--legacy-bundling] [--strict-peer-deps] [--no-package-lock] +[-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer] [--omit [--omit ...]] [--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run] [-w|--workspace [-w|--workspace ...]] @@ -1061,8 +1062,10 @@ npm update [...] Options: [-g|--global] [--global-style] [--legacy-bundling] [--strict-peer-deps] -[--no-package-lock] [--omit [--omit ...]] -[--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run] +[--no-package-lock] +[-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer] +[--omit [--omit ...]] [--ignore-scripts] +[--no-audit] [--no-bin-links] [--no-fund] [--dry-run] [-w|--workspace [-w|--workspace ...]] [-ws|--workspaces] [--include-workspace-root] diff --git a/deps/npm/tap-snapshots/test/lib/utils/config/definitions.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/config/definitions.js.test.cjs index 84bb22ff0ef59e..459c5de8dc2843 100644 --- a/deps/npm/tap-snapshots/test/lib/utils/config/definitions.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/utils/config/definitions.js.test.cjs @@ -1406,13 +1406,16 @@ The base URL of the npm registry. exports[`test/lib/utils/config/definitions.js TAP > config description for save 1`] = ` #### \`save\` -* Default: true +* Default: \`true\` unless when using \`npm update\` or \`npm dedupe\` where it + defaults to \`false\` * Type: Boolean -Save installed packages to a package.json file as dependencies. +Save installed packages to a \`package.json\` file as dependencies. When used with the \`npm rm\` command, removes the dependency from -package.json. +\`package.json\`. + +Will also prevent writing to \`package-lock.json\` if set to \`false\`. ` exports[`test/lib/utils/config/definitions.js TAP > config description for save-bundle 1`] = ` diff --git a/deps/npm/tap-snapshots/test/lib/utils/config/describe-all.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/config/describe-all.js.test.cjs index 3db90f7679d4ed..ffa6617328bc62 100644 --- a/deps/npm/tap-snapshots/test/lib/utils/config/describe-all.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/utils/config/describe-all.js.test.cjs @@ -1200,13 +1200,16 @@ The base URL of the npm registry. #### \`save\` -* Default: true +* Default: \`true\` unless when using \`npm update\` or \`npm dedupe\` where it + defaults to \`false\` * Type: Boolean -Save installed packages to a package.json file as dependencies. +Save installed packages to a \`package.json\` file as dependencies. When used with the \`npm rm\` command, removes the dependency from -package.json. +\`package.json\`. + +Will also prevent writing to \`package-lock.json\` if set to \`false\`. diff --git a/deps/npm/tap-snapshots/test/lib/utils/npm-usage.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/npm-usage.js.test.cjs index ca4b745f5dd1d7..e3a572be459545 100644 --- a/deps/npm/tap-snapshots/test/lib/utils/npm-usage.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/utils/npm-usage.js.test.cjs @@ -311,6 +311,7 @@ All commands: Options: [--global-style] [--legacy-bundling] [--strict-peer-deps] [--no-package-lock] + [-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer] [--omit [--omit ...]] [--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run] [-w|--workspace [-w|--workspace ...]] @@ -1096,8 +1097,10 @@ All commands: Options: [-g|--global] [--global-style] [--legacy-bundling] [--strict-peer-deps] - [--no-package-lock] [--omit [--omit ...]] - [--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run] + [--no-package-lock] + [-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer] + [--omit [--omit ...]] [--ignore-scripts] + [--no-audit] [--no-bin-links] [--no-fund] [--dry-run] [-w|--workspace [-w|--workspace ...]] [-ws|--workspaces] [--include-workspace-root] diff --git a/deps/npm/test/fixtures/mock-npm.js b/deps/npm/test/fixtures/mock-npm.js index 7518855319b4ae..c3dc47f5dde4f7 100644 --- a/deps/npm/test/fixtures/mock-npm.js +++ b/deps/npm/test/fixtures/mock-npm.js @@ -147,6 +147,8 @@ class MockNpm { // for now just set `find` to what config.find should return // this works cause `find` is not an existing config entry find: (k) => ({ ...realConfig.defaults, ...config })[k], + // for now isDefault is going to just return false if a value was defined + isDefault: (k) => !Object.prototype.hasOwnProperty.call(config, k), get: (k) => ({ ...realConfig.defaults, ...config })[k], set: (k, v) => config[k] = v, list: [{ ...realConfig.defaults, ...config }], diff --git a/deps/npm/test/lib/arborist-cmd.js b/deps/npm/test/lib/arborist-cmd.js index 3db862d233dc7e..91d8a7b333bf9d 100644 --- a/deps/npm/test/lib/arborist-cmd.js +++ b/deps/npm/test/lib/arborist-cmd.js @@ -98,7 +98,7 @@ t.test('handle getWorkspaces raising an error', async t => { }) class TestCmd extends ArboristCmd {} const cmd = new TestCmd() - cmd.npm = {} + cmd.npm = { localPrefix: t.testdir() } await t.rejects( cmd.execWorkspaces(['foo'], ['a']), diff --git a/deps/npm/test/lib/commands/dedupe.js b/deps/npm/test/lib/commands/dedupe.js index 2e2fae238103ff..bf6964081ca79e 100644 --- a/deps/npm/test/lib/commands/dedupe.js +++ b/deps/npm/test/lib/commands/dedupe.js @@ -38,11 +38,12 @@ t.test('should remove dupes using Arborist', async (t) => { }) t.test('should remove dupes using Arborist - no arguments', async (t) => { - t.plan(1) + t.plan(2) const { npm } = await loadMockNpm(t, { mocks: { '@npmcli/arborist': function (args) { t.ok(args.dryRun, 'gets dryRun from config') + t.ok(args.save, 'gets user-set save value from config') this.dedupe = () => {} }, '../../lib/utils/reify-output.js': () => {}, @@ -50,6 +51,7 @@ t.test('should remove dupes using Arborist - no arguments', async (t) => { }, config: { 'dry-run': true, + save: true, }, }) await npm.exec('dedupe', []) diff --git a/deps/npm/test/lib/commands/update.js b/deps/npm/test/lib/commands/update.js index aecb2c32b5e3f1..2b464bfabbfcd6 100644 --- a/deps/npm/test/lib/commands/update.js +++ b/deps/npm/test/lib/commands/update.js @@ -27,7 +27,7 @@ t.afterEach(() => { }) t.test('no args', async t => { - t.plan(4) + t.plan(5) npm.prefix = '/project/a' @@ -39,6 +39,7 @@ t.test('no args', async t => { { ...npm.flatOptions, path: npm.prefix, + save: false, workspaces: null, }, 'should call arborist contructor with expected args' @@ -46,7 +47,8 @@ t.test('no args', async t => { t.match(log, {}, 'log is passed in') } - reify ({ update }) { + reify ({ save, update }) { + t.equal(save, false, 'should default to save=false') t.equal(update, true, 'should update all deps') } } @@ -64,9 +66,10 @@ t.test('no args', async t => { }) t.test('with args', async t => { - t.plan(4) + t.plan(5) npm.prefix = '/project/a' + config.save = true class Arborist { constructor (args) { @@ -76,6 +79,7 @@ t.test('with args', async t => { { ...npm.flatOptions, path: npm.prefix, + save: true, workspaces: null, }, 'should call arborist contructor with expected args' @@ -83,7 +87,8 @@ t.test('with args', async t => { t.match(log, {}, 'log is passed in') } - reify ({ update }) { + reify ({ save, update }) { + t.equal(save, true, 'should pass save if manually set') t.same(update, ['ipt'], 'should update listed deps') } } @@ -140,7 +145,7 @@ t.test('update --global', async t => { const { path, log, ...rest } = args t.same( rest, - { ...npm.flatOptions, workspaces: undefined }, + { ...npm.flatOptions, save: true, workspaces: undefined }, 'should call arborist contructor with expected options' )