nodejs · ruyadorno · Dec 9, 2020
diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md
@@ -1,3 +1,50 @@
+## 7.1.1 (2020-12-08)
+
+### DEPENDENCIES
+
+* [`bf09e719c`](https://github.com/npm/cli/commit/bf09e719c7f563a255b1e9af6b1237ebc5598db6)
+  `@npmcli/arborist@2.0.0`
+    * Much stricter tree integrity guarantees
+    * Fix issues where the root project is a symlink, or linked as a
+      workspace
+* [`7ceb5b728`](https://github.com/npm/cli/commit/7ceb5b728b9f326c567f5ffe5831c9eccf013aa0)
+  `ini@1.3.6`
+* [`77c6ced2a`](https://github.com/npm/cli/commit/77c6ced2a6daaadbff715c8f05b2e61ba76e9bab)
+  `make-fetch-happen@8.0.11`
+    * Avoid caching headers that are hazardous or unnecessary to leave
+      lying around (authorization, npm-session, etc.)
+    * [#38](https://github.com/npm/make-fetch-happen/pull/38) Include query
+      string in cache key ([@jpb](https://github.com/jpb))
+* [`0ef25b6cd`](https://github.com/npm/cli/commit/0ef25b6cd2921794d36f066e2b11c406342cf167)
+  `libnpmsearch@3.1.0`:
+    * Update to accept query params as options, so we can paginate.
+      ([@nlf](https://github.com/nlf))
+* [`518a66450`](https://github.com/npm/cli/commit/518a664500bcde30475788e8c1c3e651f23e881b)
+  `@npmcli/config@1.2.4`:
+    * Do not allow path options to be set to a boolean `false` value
+* [`3d7aff9d8`](https://github.com/npm/cli/commit/3d7aff9d8dd1cf29956aa306464cd44fbc2af426)
+  update all dependencies using latest npm to install them
+
+### TESTS
+
+* [`2848f5940`](https://github.com/npm/cli/commit/2848f594034b87939bfc5546e3e603f123d98a01)
+  [npm/statusboard#173](https://github.com/npm/statusboard/issues/173)
+  [#2293](https://github.com/npm/cli/issues/2293) npm shrinkwrap
+  ([@ruyadorno](https://github.com/ruyadorno))
+* [`f6824459a`](https://github.com/npm/cli/commit/f6824459ae0c86e2fa9c84b3dcec85f572ae8e1b)
+  [#2302](https://github.com/npm/cli/issues/2302) npm deprecate
+  ([@nlf](https://github.com/nlf))
+* [`b7d74b627`](https://github.com/npm/cli/commit/b7d74b627859f08fca23209d6e0d3ec6657a4489)
+  [npm/statusboard#180](https://github.com/npm/statusboard/issues/180)
+  [#2304](https://github.com/npm/cli/issues/2304) npm unpublish
+  ([@ruyadorno](https://github.com/ruyadorno))
+
+### FEATURES
+
+* [`3db90d944`](https://github.com/npm/cli/commit/3db90d94474f673591811fdab5eb6a5bfdeba261)
+  [#2303](https://github.com/npm/cli/issues/2303) allow for passing object
+  keys to searchopts to allow pagination ([@nlf](https://github.com/nlf))
+
 ## 7.1.0 (2020-12-04)
 
 ### FEATURES

diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html
@@ -156,7 +156,7 @@ <h3 id="description">Description</h3>
 limit the results to only the paths to the packages named.  Note that
 nested packages will <em>also</em> show the paths to the specified packages.
 For example, running <code>npm ls promzard</code> in npm’s source tree will show:</p>
-<pre lang="bash"><code>    npm@7.1.0 /path/to/npm
+<pre lang="bash"><code>    npm@7.1.1 /path/to/npm
     └─┬ init-package-json@0.0.4
       └── promzard@0.1.5
 </code></pre>

diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
@@ -148,7 +148,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 <pre lang="bash"><code>npm &lt;command&gt; [args]
 </code></pre>
 <h3 id="version">Version</h3>
-<p>7.1.0</p>
+<p>7.1.1</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency

diff --git a/deps/npm/lib/deprecate.js b/deps/npm/lib/deprecate.js
@@ -5,68 +5,72 @@ const fetch = require('npm-registry-fetch')
 const otplease = require('./utils/otplease.js')
 const npa = require('npm-package-arg')
 const semver = require('semver')
-const getItentity = require('./utils/get-identity')
+const getIdentity = require('./utils/get-identity.js')
+const libaccess = require('libnpmaccess')
+const usageUtil = require('./utils/usage.js')
 
-module.exports = deprecate
+const UsageError = () =>
+  Object.assign(new Error(`\nUsage: ${usage}`), {
+    code: 'EUSAGE',
+  })
 
-deprecate.usage = 'npm deprecate <pkg>[@<version>] <message>'
+const usage = usageUtil(
+  'deprecate',
+  'npm deprecate <pkg>[@<version>] <message>'
+)
 
-deprecate.completion = function (opts, cb) {
-  return Promise.resolve().then(() => {
-    if (opts.conf.argv.remain.length > 2)
-      return
-    return getItentity(npm.flatOptions).then(username => {
-      if (username) {
-        // first, get a list of remote packages this user owns.
-        // once we have a user account, then don't complete anything.
-        // get the list of packages by user
-        return fetch(
-          `/-/by-user/${encodeURIComponent(username)}`,
-          npm.flatOptions
-        ).then(list => list[username])
-      }
+const completion = (opts, cb) => {
+  if (opts.conf.argv.remain.length > 1)
+    return cb(null, [])
+
+  return getIdentity(npm.flatOptions).then((username) => {
+    return libaccess.lsPackages(username, npm.flatOptions).then((packages) => {
+      return Object.keys(packages)
+        .filter((name) => packages[name] === 'write' &&
+          (opts.conf.argv.remain.length === 0 || name.startsWith(opts.conf.argv.remain[0]))
+        )
     })
-  }).then(() => cb(), er => cb(er))
+  }).then((list) => cb(null, list), (err) => cb(err))
 }
 
-function deprecate ([pkg, msg], opts, cb) {
-  if (typeof cb !== 'function') {
-    cb = opts
-    opts = null
-  }
-  opts = opts || npm.flatOptions
-  return Promise.resolve().then(() => {
-    if (msg == null)
-      throw new Error(`Usage: ${deprecate.usage}`)
-    // fetch the data and make sure it exists.
-    const p = npa(pkg)
+const cmd = (args, cb) =>
+  deprecate(args)
+    .then(() => cb())
+    .catch(err => cb(err.code === 'EUSAGE' ? err.message : err))
+
+const deprecate = async ([pkg, msg]) => {
+  if (!pkg || !msg)
+    throw UsageError()
+
+  // fetch the data and make sure it exists.
+  const p = npa(pkg)
+  // npa makes the default spec "latest", but for deprecation
+  // "*" is the appropriate default.
+  const spec = p.rawSpec === '' ? '*' : p.fetchSpec
 
-    // npa makes the default spec "latest", but for deprecation
-    // "*" is the appropriate default.
-    const spec = p.rawSpec === '' ? '*' : p.fetchSpec
+  if (semver.validRange(spec, true) === null)
+    throw new Error(`invalid version range: ${spec}`)
 
-    if (semver.validRange(spec, true) === null)
-      throw new Error('invalid version range: ' + spec)
+  const uri = '/' + p.escapedName
+  const packument = await fetch.json(uri, {
+    ...npm.flatOptions,
+    spec: p,
+    query: { write: true },
+  })
 
-    const uri = '/' + p.escapedName
-    return fetch.json(uri, {
-      ...opts,
-      spec: p,
-      query: { write: true },
-    }).then(packument => {
-      // filter all the versions that match
-      Object.keys(packument.versions)
-        .filter(v => semver.satisfies(v, spec))
-        .forEach(v => {
-          packument.versions[v].deprecated = msg
-        })
-      return otplease(opts, opts => fetch(uri, {
-        ...opts,
-        spec: p,
-        method: 'PUT',
-        body: packument,
-        ignoreBody: true,
-      }))
+  Object.keys(packument.versions)
+    .filter(v => semver.satisfies(v, spec))
+    .forEach(v => {
+      packument.versions[v].deprecated = msg
     })
-  }).then(() => cb(), cb)
+
+  return otplease(npm.flatOptions, opts => fetch(uri, {
+    ...opts,
+    spec: p,
+    method: 'PUT',
+    body: packument,
+    ignoreBody: true,
+  }))
 }
+
+module.exports = Object.assign(cmd, { completion, usage })
diff --git a/deps/npm/lib/shrinkwrap.js b/deps/npm/lib/shrinkwrap.js
@@ -1,14 +1,17 @@
+'use strict'
+
+const { resolve, basename } = require('path')
+const { promises: { unlink } } = require('fs')
 const Arborist = require('@npmcli/arborist')
+const log = require('npmlog')
+
 const npm = require('./npm.js')
+const completion = require('./utils/completion/none.js')
 const usageUtil = require('./utils/usage.js')
 const usage = usageUtil('shrinkwrap', 'npm shrinkwrap')
-const { resolve, basename } = require('path')
-const log = require('npmlog')
 
 const cmd = (args, cb) => shrinkwrap().then(() => cb()).catch(cb)
 
-const completion = require('./utils/completion/none.js')
-
 const shrinkwrap = async () => {
   // if has a npm-shrinkwrap.json, nothing to do
   // if has a package-lock.json, rename to npm-shrinkwrap.json
@@ -31,7 +34,6 @@ const shrinkwrap = async () => {
   const newFile = meta.hiddenLockfile || !meta.loadedFromDisk
   const oldFilename = meta.filename
   const notSW = !newFile && basename(oldFilename) !== 'npm-shrinkwrap.json'
-  const { promises: { unlink } } = require('fs')
 
   meta.hiddenLockfile = false
   meta.filename = sw

diff --git a/deps/npm/lib/unpublish.js b/deps/npm/lib/unpublish.js
@@ -1,3 +1,5 @@
+'use strict'
+
 const path = require('path')
 const util = require('util')
 const log = require('npmlog')
@@ -11,7 +13,7 @@ const npm = require('./npm.js')
 const usageUtil = require('./utils/usage.js')
 const output = require('./utils/output.js')
 const otplease = require('./utils/otplease.js')
-const whoami = util.promisify(require('./whoami.js'))
+const getIdentity = require('./utils/get-identity.js')
 
 const usage = usageUtil('unpublish', 'npm unpublish [<@scope>/]<pkg>[@<version>]')
 
@@ -25,18 +27,18 @@ const completionFn = async (args) => {
   const { partialWord, conf } = args
 
   if (conf.argv.remain.length >= 3)
-    return
+    return []
 
-  const username = await whoami([], true)
+  const opts = npm.flatOptions
+  const username = await getIdentity({ ...opts }).catch(() => null)
   if (!username)
     return []
-  const opts = npm.flatOptions
 
   const access = await libaccess.lsPackages(username, opts)
   // do a bit of filtering at this point, so that we don't need
   // to fetch versions for more than one thing, but also don't
   // accidentally a whole project
-  let pkgs = Object.keys(access)
+  let pkgs = Object.keys(access || {})
   if (!partialWord || !pkgs.length)
     return pkgs
 
@@ -55,18 +57,20 @@ const completionFn = async (args) => {
 
 async function unpublish (args) {
   if (args.length > 1)
-    throw usage
+    throw new Error(usage)
 
   const spec = args.length && npa(args[0])
   const opts = npm.flatOptions
   const { force, silent, loglevel } = opts
-  let ret
+  let res
+  let pkgName
+  let pkgVersion
 
   log.silly('unpublish', 'args[0]', args[0])
   log.silly('unpublish', 'spec', spec)
 
   if (!spec.rawSpec && !force) {
-    throw (
+    throw new Error(
       'Refusing to delete entire project.\n' +
       'Run with --force to do this.\n' +
       usage
@@ -77,31 +81,34 @@ async function unpublish (args) {
     // if there's a package.json in the current folder, then
     // read the package name and version out of that.
     const pkgJson = path.join(npm.localPrefix, 'package.json')
-    const manifest = await readJson(pkgJson)
-
-    log.verbose('unpublish', manifest)
-
-    const { name, version, publishConfig } = manifest
-    const pkgJsonSpec = npa.resolve(name, version)
-
+    let manifest
     try {
-      ret = await otplease(opts, opts => libunpub(pkgJsonSpec, { ...opts, publishConfig }))
+      manifest = await readJson(pkgJson)
     } catch (err) {
       if (err && err.code !== 'ENOENT' && err.code !== 'ENOTDIR')
         throw err
       else
-        throw `Usage: ${usage}`
+        throw new Error(`Usage: ${usage}`)
     }
-  } else
-    ret = await otplease(opts, opts => libunpub(spec, opts))
 
-  if (!silent && loglevel !== 'silent') {
-    output(`- ${spec.name}${
-      spec.type === 'version' ? `@${spec.rawSpec}` : ''
-    }`)
+    log.verbose('unpublish', manifest)
+
+    const { name, version, publishConfig } = manifest
+    const pkgJsonSpec = npa.resolve(name, version)
+
+    res = await otplease(opts, opts => libunpub(pkgJsonSpec, { ...opts, publishConfig }))
+    pkgName = name
+    pkgVersion = version ? `@${version}` : ''
+  } else {
+    res = await otplease(opts, opts => libunpub(spec, opts))
+    pkgName = spec.name
+    pkgVersion = spec.type === 'version' ? `@${spec.rawSpec}` : ''
   }
 
-  return ret
+  if (!silent && loglevel !== 'silent')
+    output(`- ${pkgName}${pkgVersion}`)
+
+  return res
 }
 
 module.exports = Object.assign(cmd, { completion, usage })
diff --git a/deps/npm/lib/utils/completion/installed-deep.js b/deps/npm/lib/utils/completion/installed-deep.js
@@ -13,6 +13,7 @@ const readNames = async () => {
 
   const getValues = (tree) =>
     [...tree.inventory.values()]
+      .filter(i => i.location !== '' && !i.isRoot)
       .map(i => {
         return i
       })

diff --git a/deps/npm/lib/utils/flat-options.js b/deps/npm/lib/utils/flat-options.js
@@ -3,6 +3,7 @@
 
 const log = require('npmlog')
 const crypto = require('crypto')
+const querystring = require('querystring')
 const npmSession = crypto.randomBytes(8).toString('hex')
 log.verbose('npm-session', npmSession)
 const { join } = require('path')
@@ -92,7 +93,7 @@ const flatten = obj => ({
     description: obj.description,
     exclude: obj.searchexclude,
     limit: obj.searchlimit || 20,
-    opts: obj.searchopts,
+    opts: querystring.parse(obj.searchopts),
     staleness: obj.searchstaleness,
   },
 

diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
@@ -22,7 +22,7 @@ For example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-    npm@7\.1\.0 /path/to/npm
+    npm@7\.1\.1 /path/to/npm
     └─┬ init\-package\-json@0\.0\.4
       └── promzard@0\.1\.5
 .fi

diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
@@ -10,7 +10,7 @@ npm <command> [args]
 .RE
 .SS Version
 .P
-7\.1\.0
+7\.1\.1
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts