MINI-EPIC: next steps for v7 integration 2020-03-03

[isaacs]

• (feat/publish #1000) npm publish, npm unpublish, and libnpmpublish (@claudiahdz)
• use @npmcli/arborist in:
  • ([v7] update npm ci command #1025) npm ci
  • npm update
  • npm shrinkwrap
  • npm audit (somewhat extensive, as this currently uses the v6 Installer class, and so may need Arborist changes to support)
• (feat/publish #1000) leverage pacote more fully in npm pack
• ([v7] Complete npm install command #995) improve install/ci output (may need to revisit the design, since a giant single-color archy representation of the logical tree is not super helpful, even as a silly output log -- if we're going to dump an archy into the log, it should probably be the physical tree, at least). Note that this affects both install and ci.
• ensure deduping of dependencies in node_modules
• Document/RFC (add more to this list as we remember/find/decide them)
  • update is always depth=Infinity
  • --authtype=sso deprecated
  • acceptDependencies
  • --include-staged

[isaacs]

Updated list:

Beta Release Blockers

• npm commands that are a call to Arborist.reify() in some fashion:
  • install
  • ci
  • update
  • link
  • install-test
  • install-ci-test
  • uninstall (easy)
  • prune
  • dedupe (probably needs some work on Arborist.buildIdealTree to actually
    do the deduping bit without completely regenerating it, but should be
    straightforward)
  • audit fix (in progress isaacs)
• Land npm publish PR
  • NB: this and libcipm are the last remaining items holding
    npm-registry-fetch@4 in place.
• Finish Arborist.audit(), and audit integration with
  Arborist.reify()
  • replace npm-audit-report (in progress)
• outdated (in progress - claudiahdz)
• All reify commands above need consistent output at the end of their
  run, including funding, quick audit, and summary results (in progress
  isaacs, pending finishing Arborist.audit)
• shrinkwrap command
• npm install --package-lock-only
• remove lib/fetch-package-metadata.js once nothing is using it
• remove lib/install/*.js once nothing is using it
• npm commands to port to Arborist.loadActual
  • ls
  • fund
• fully remove all uid/gid setting stuff
• update mkdirp to 1.x everywhere
• fully remove these configs which are no longer relevant:
  • user
  • group
  • uid
  • gid
  • umask
  • dev (or convert to alias for --include=dev)
  • onload-script (and actually remove its usage)
  • scripts-prepend-node-path
  • unsafe-perm
• Add support to Arborist for --format-package-lock flag
• do not treat test special in scripts (ie, just go ahead and run and
  fail if no scripts.test present, instead of creating a default fail
  message)
• remove/change these deps (and code using them):
  • uid-number
  • npm-lifecycle
  • gentle-fs
  • figgy-pudding
  • ? detect-indent
  • ? detect-newline
  • fs-vacuum
  • read-package-json -> read-package-json-fast
  • json-parse-better-errors -> json-parse-even-better-errors
  • tar-stream -> tar
  • umask
  • mississippi
  • unpipe
  • lazy-property
  • review all others for usage, and remove if no longer needed

---

7.0.0 release blockers (but not 7.0.0-beta blockers)

• update tar to no longer rely on process.umask()
  • also remove process.umask() everywhere else, but tar is the only hard
    one
• add file-specific unit tests for all files in lib, and enforce 100%
  code coverage with a coverage-map
• Update all dependencies
• review all documentation and correct
• review all failing tests and correct or remove

---

Can be 7.1 or later release

• workspaces integration in CLI
  • Note: work on Arborist support in progress. integration in the CLI
    itself will be more straightforward, but some subtle UX work.
• overrides
• staged publishes
  • installation (partly done, not compliant with RFC yet)
  • server support
  • publishing

[isaacs]

cc: @ethomson @jeremyepling @scottdensmore

[darcyclarke]

Note: we've broken out this Epic into smaller issues & Epics; You can find the in-progress items here: https://app.zenhub.com/workspaces/community--open-source-5dc50ffc58ce25000154fc64/board?labels=release%207.x&repos=139910229,193812680,193818300,206620712,219775300,195874389,1357199,9556133,15821540,19761728,20658455,25002984,87129681,92022198,92569773,98075774,102792426,106227009,122357526,131072921,193812470,193813560,193816752,210390077,233293453,146668808,125480737,156104684,145055756,128109144,27612014,28640038,200085633,193817839,145919620,146349815,145500230,246167265,246110676,235679249,246439333

[ljharb]

those aren't on github tho

[isaacs]

@ljharb You can view the zenhub url by logging in with GitHub. It's just an organizing view of tickets across multiple repos, with some scrummy sprint type decorations applied.

[ljharb]

Not without granting it full write permissions on all my public and private repos :-/

[isaacs]

Could always create an alt account. Idk. 🤷‍♂️