Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: devEngines #7766

Merged
merged 3 commits into from
Oct 3, 2024
Merged

feat: devEngines #7766

merged 3 commits into from
Oct 3, 2024

Conversation

reggi
Copy link
Contributor

@reggi reggi commented Sep 5, 2024

This PR adds a check for devEngines in the current projects package.json as defined in the spec here:
openjs-foundation/package-metadata-interoperability-collab-space#15

This PR utilizes a checkDevEngines function defined within npm-install-checks open here:
npm/npm-install-checks#116

The goal of this pr is to have a check for specific npm commands install, and run consult the devEngines property before execution and check if the current system / environment. For npm the runtime will always be node and the packageManager will always be npm, if a project is defined as not those two envs and it's required we'll throw.

Note the current engines property is checked when you install your dependencies. Each packages engines are checked with your environment. However, devEngines operates on commands for maintainers of a package, service, project when install and run commands are executed and is meant to enforce / guide maintainers to all be using the same engine / env and or versions.

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

What happens without --force?

@reggi
Copy link
Contributor Author

reggi commented Sep 5, 2024

Hey @ljharb, it works as it should. Is this in reference to the description or something you saw in the code?

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

No, just from reading your OP - the implication is that npm install will fail with a mismatched devEngines, and that --force is the only way to bypass that, but --force is generally treated as a dangerous command, so it might be nice to have an alternative way to change the default behavior from failure to just a warning?

@reggi
Copy link
Contributor Author

reggi commented Sep 5, 2024

No, just from reading your OP - the implication is that npm install will fail with a mismatched devEngines, and that --force is the only way to bypass that, but --force is generally treated as a dangerous command, so it might be nice to have an alternative way to change the default behavior from failure to just a warning?

As per the spec it fails if onFail is undefined or set to error and --force is the only way to bypass it.

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

ah ok, so if i don't want to use --force, i'd just set onFail to warn in package.json? that works for me :-)

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

One additional consideration - only in CI, you'd explicitly need it to not fail (because devEngines might say "node 22" but engines might say "node 18, 20, or 22", and you'd want to be testing on all 3 majors). How could I set that only in CI, if there's no env var or npmrc config to do that?

@reggi
Copy link
Contributor Author

reggi commented Sep 5, 2024

One additional consideration - only in CI, you'd explicitly need it to not fail (because devEngines might say "node 22" but engines might say "node 18, 20, or 22", and you'd want to be testing on all 3 majors). How could I set that only in CI, if there's no env var or npmrc config to do that?

If you support node 18, 20, or 22 then devEngines should reflect that with a proper semver range.

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

That's not the intended usage of the field, though - otherwise engines and devEngines must always be the same, and what's the point of the feature?

package.json Outdated Show resolved Hide resolved
@reggi
Copy link
Contributor Author

reggi commented Sep 5, 2024

That's not the intended usage of the field, though - otherwise engines and devEngines must always be the same, and what's the point of the feature?

I updated the description with some clarifications on engines v devEngines

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

Your OP looks great! What I was trying to convey is that, for typical and desired CI usage, there needs to be an npm config-based mechanism to change "fail" to "warn" or "none" (or, to cause it to look at the union of engines + devEngines instead and THEN fail - which might be even better!)

@wraithgar
Copy link
Member

If you are testing something in CI why are you setting devEngines outside the bounds of where you test it?

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

@wraithgar for a package, CI is for testing what engines matches - the thing consumers will see. devEngines is what contributors should be running locally, which should always be a non-strict subset of engines.

@wraithgar
Copy link
Member

Makes sense. That's a whole larger discussion in npm itself in "how do I interact with this code base as if it were a package being used elsewhere". I don't think it's a blocker for this feature.

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

It's a blocker for its use in packages, but certainly not one for its use in applications.

It would be very nice for the initial implementation to have an answer for this, though - and my suggestion is either an npm config (and thus an env var) that can override "fail" to "warn", and/or, an npm config (and thus an env var) for checking the union of engines and devEngines before failing/warning/etc.

@wraithgar
Copy link
Member

wraithgar commented Sep 5, 2024

That's a much bigger feature than you think. It effectively means "npm please interact with this top level package.json as if it were a package you are installing" which means parsing engines, os, etc differently. If this is something you need to do then you are much better off doing something like npm pack and then installing that tarball into a separate folder with its own package.json.

Tacking on a "ok just ignore devEngines" flag masks the reality of this disconnect.

ETA: Even the lifecycle scripts act differently when you are installing as a package. Again this is a much bigger issue than just devEngines.

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

Fair that it may be large enough of a change to need doing in a separate effort - but "pack in CI and test the output of the tarball" is wildly impractical and incredible difficult to achieve (because of how tests are written), so i don't think that's a viable alternative.

npm already parses engines in your current project, though, and due to workspaces and overrides, it already does something different when it's a project vs a dependency, so I'm not sure why it would be that much larger a feature.

@wraithgar
Copy link
Member

so I'm not sure why it would be that much larger a feature

PRs welcome.

@ljharb
Copy link
Contributor

ljharb commented Sep 5, 2024

Great, after this lands I'll submit one :-)

@reggi reggi marked this pull request as ready for review September 6, 2024 16:41
@reggi reggi requested a review from a team as a code owner September 6, 2024 16:41
@hashtagchris
Copy link
Contributor

Possibly related to @ljharb's comments, what kind of devEngines will we add to npm/node-semver, and how would we change the CI? Or will we intentionally not add one for the time being?

@reggi
Copy link
Contributor Author

reggi commented Sep 9, 2024

Possibly related to @ljharb's comments, what kind of devEngines will we add to npm/node-semver, and how would we change the CI? Or will we intentionally not add one for the time being?

Because we're still operating on a widely popular runtime / packageManager I don't see much value in adding it, but if we were to add devEngines to npm-semver it would need to match what we have in CI. Something like this:

{
  "devEngines": {
    "runtime": {
      "name": "node",
      "version": ">10.0.0",
      "onFail": "error"
    },
    "packageManager": {
      "name": "npm",
      "version": ">10.0.0",
      "onFail": "error"
    }
  }
}

@hashtagchris
Copy link
Contributor

hashtagchris commented Sep 10, 2024

Thanks @reggi. In practice I think you'd need a newer version of node for development tasks like running lint and postlint. But maybe fully ensuring package developers are set up for success (#7766 (comment)) is a larger feature, like @wraithgar said.

@reggi
Copy link
Contributor Author

reggi commented Sep 11, 2024

Some thoughts on devEngines in CI:

devEngines was created to enforce mainly packageManager (and runtime) locally. Having just the name specified is a huge help in defining what tools a JS codebase should be developed with. Having version assigned along with the name is simply viewed as another limiting factor. Unlike engines, where the version is a property value of a key and is a requirement, version in devEngines is not required and is viewed as extra.

In CI, codebases support old versions of Node.js. For example, node-semver's npm test script should be runnable and pass in an old version of Node.js, such as version 10. However, npm run lint should be running a modern version of Node.js. It's not within the scope of the devEngines spec to assign specific versions of Node.js for each script in package.json. Again, the job of devEngines is to enforce that the project should be run using npm with packageManager and node. In the case of node-semver, we'd specify npm and node with no version, or have a wide semver range for node so that CI will run.

@ljharb
Copy link
Contributor

ljharb commented Sep 11, 2024

As I explained upthread, the only reason for devEngines to exist is so it can be a subset of engines - iow, if the only path forward is to no limit it to the point CI would fail, then the entire feature isn't worth adding, because engines already does that.

npm already does some things automatically in CI when certain env vars are present; it seems pretty reasonable to me to default that flag to true only in CI?

@reggi
Copy link
Contributor Author

reggi commented Sep 11, 2024

The point of devEngines is for people who use yarn, or bun to enforce that tooling in their project, it seems as an alternative to or additional definition for corepack.

The point of engines is to warn when a dependency is not aligned with the project it's being used in.

then the entire feature isn't worth adding

Maybe it's not for you, if you're just gonna use node / npm.

engines already does that.

engines doesn't throw if there's a mismatch locally, it only warns. engines doesn't cause npm to fail if yarn is specified which there isn't even valid consideration for.

I think engines and devEngines are quite different in purpose, object shape, I don't think devEngines is even an apt descriptor and causes more confusion.

@ljharb
Copy link
Contributor

ljharb commented Sep 11, 2024

It's true that devEngines has more than just runtime/package manager, and it's definitely true that engines doesn't fail, but as part of the group that designed this feature in the first place, I can assure you that the explicit intention of its design is to have engines be expansive, and devEngines (or whatever it's called) be a subset.

@reggi reggi force-pushed the reggi/dev-engines branch from c7802c9 to 4fedafb Compare October 2, 2024 20:54
wraithgar
wraithgar previously approved these changes Oct 2, 2024
Copy link
Contributor

@hashtagchris hashtagchris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Following up on a few minor things before I approve.

lib/base-cmd.js Show resolved Hide resolved
lib/npm.js Show resolved Hide resolved
hashtagchris
hashtagchris previously approved these changes Oct 2, 2024
Copy link
Contributor

@hashtagchris hashtagchris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@reggi reggi dismissed stale reviews from hashtagchris and wraithgar via e59797f October 3, 2024 14:42
hashtagchris
hashtagchris previously approved these changes Oct 3, 2024
Copy link
Contributor

@hashtagchris hashtagchris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Left some minor non-blocking feedback

test/lib/commands/install.js Outdated Show resolved Hide resolved
test/lib/commands/install.js Outdated Show resolved Hide resolved
Copy link
Member

@wraithgar wraithgar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re-approving to get things moving since the last feedback was "nonblocking"

@reggi reggi merged commit 4d57928 into latest Oct 3, 2024
43 checks passed
@reggi reggi deleted the reggi/dev-engines branch October 3, 2024 16:44
@github-actions github-actions bot mentioned this pull request Oct 3, 2024
zemnmez-renovate-bot added a commit to zemn-me/monorepo that referenced this pull request Oct 3, 2024
##### [`v10.9.0](https://github.com/npm/cli/blob/HEAD/CHANGELOG.md#1090-2024-10-03)

##### Features

-   [`4d57928`](npm/cli@4d57928) [#7766](npm/cli#7766) devEngines ([#7766](npm/cli#7766)) ([@reggi](https://github.com/reggi))

##### Bug Fixes

-   [`6ca609e`](npm/cli@6ca609e) [#7789](npm/cli#7789) ping and doctor commands fix for checking if registry is online ([#7789](npm/cli#7789)) ([@milaninfy](https://github.com/milaninfy))

##### Documentation

-   [`63d6a73`](npm/cli@63d6a73) [#7783](npm/cli#7783) package.json: add brief section on exports, link to Node.js docs ([#7783](npm/cli#7783)) ([@wheresrhys](https://github.com/wheresrhys))
-   [`366c07e`](npm/cli@366c07e) [#7776](npm/cli#7776) remove incorrect note about npm install ([#7776](npm/cli#7776)) ([@wraithgar](https://github.com/wraithgar))

##### Dependencies

-   [`60a7ee5`](npm/cli@60a7ee5) [#7803](npm/cli#7803) hoist npm-normalize-package-bin
-   [`20dd44f`](npm/cli@20dd44f) [#7803](npm/cli#7803) hoist minipass-fetch
-   [`5795987`](npm/cli@5795987) [#7803](npm/cli#7803) update `proggy@3.0.0`
-   [`99ccae3`](npm/cli@99ccae3) [#7803](npm/cli#7803) update `bin-links@5.0.0`
-   [`75786ad`](npm/cli@75786ad) [#7803](npm/cli#7803) update `@npmcli/query@4.0.0`
-   [`1c25a1d`](npm/cli@1c25a1d) [#7803](npm/cli#7803) update `@npmcli/node-gyp@4.0.0`
-   [`2d7fc3d`](npm/cli@2d7fc3d) [#7803](npm/cli#7803) update `@npmcli/name-from-folder@3.0.0`
-   [`1e09334`](npm/cli@1e09334) [#7803](npm/cli#7803) update `@npmcli/metavuln-calculator@8.0.0`
-   [`820e983`](npm/cli@820e983) [#7803](npm/cli#7803) update `@npmcli/installed-package-contents@3.0.0`
-   [`9cd6603`](npm/cli@9cd6603) [#7803](npm/cli#7803) update `read-package-json-fast@4.0.0`
-   [`b84d907`](npm/cli@b84d907) [#7803](npm/cli#7803) update `@npmcli/git@6.0.1`
-   [`53ed632`](npm/cli@53ed632) [#7803](npm/cli#7803) update `write-file-atomic@6.0.0`
-   [`ab40dab`](npm/cli@ab40dab) [#7803](npm/cli#7803) update `which@5.0.0`
-   [`b1c4770`](npm/cli@b1c4770) [#7803](npm/cli#7803) update `validate-npm-package-name@6.0.0`
-   [`8206c4f`](npm/cli@8206c4f) [#7803](npm/cli#7803) update `ssri@12.0.0`
-   [`8b7dbc8`](npm/cli@8b7dbc8) [#7803](npm/cli#7803) update `read@4.0.0`
-   [`f6909a0`](npm/cli@f6909a0) [#7803](npm/cli#7803) update `proc-log@5.0.0`
-   [`f9b2e18`](npm/cli@f9b2e18) [#7803](npm/cli#7803) update `parse-conflict-json@4.0.0`
-   [`e7ab206`](npm/cli@e7ab206) [#7803](npm/cli#7803) update `pacote@19.0.0`
-   [`b28dbb1`](npm/cli@b28dbb1) [#7803](npm/cli#7803) update `npm-user-validate@3.0.0`
-   [`d13a20b`](npm/cli@d13a20b) [#7803](npm/cli#7803) update `npm-registry-fetch@18.0.1`
-   [`5208f74`](npm/cli@5208f74) [#7803](npm/cli#7803) update `npm-profile@11.0.1`
-   [`092f41f`](npm/cli@092f41f) [#7803](npm/cli#7803) update `npm-pick-manifest@10.0.0`
-   [`50a7bc8`](npm/cli@50a7bc8) [#7803](npm/cli#7803) update `npm-package-arg@12.0.0`
-   [`591130d`](npm/cli@591130d) [#7803](npm/cli#7803) update `npm-install-checks@7.1.0`
-   [`be6ae96`](npm/cli@be6ae96) [#7803](npm/cli#7803) update `npm-audit-report@6.0.0`
-   [`8d4060a`](npm/cli@8d4060a) [#7803](npm/cli#7803) update `normalize-package-data@7.0.0`
-   [`105fa2b`](npm/cli@105fa2b) [#7803](npm/cli#7803) update `nopt@8.0.0`
-   [`eae4f57`](npm/cli@eae4f57) [#7803](npm/cli#7803) update `make-fetch-happen@14.0.1`
-   [`7214149`](npm/cli@7214149) [#7803](npm/cli#7803) update `json-parse-even-better-errors@4.0.0`
-   [`c4bed31`](npm/cli@c4bed31) [#7803](npm/cli#7803) update `init-package-json@7.0.1`
-   [`f54b155`](npm/cli@f54b155) [#7803](npm/cli#7803) update `ini@5.0.0`
-   [`6deae9e`](npm/cli@6deae9e) [#7803](npm/cli#7803) update `hosted-git-info@8.0.0`
-   [`034c729`](npm/cli@034c729) [#7803](npm/cli#7803) update `cacache@19.0.1`
-   [`ddb8be0`](npm/cli@ddb8be0) [#7803](npm/cli#7803) update `abbrev@3.0.0`
-   [`538a4cc`](npm/cli@538a4cc) [#7803](npm/cli#7803) update `@npmcli/run-script@9.0.1`
-   [`b80d048`](npm/cli@b80d048) [#7803](npm/cli#7803) update `@npmcli/redact@3.0.0`
-   [`81137fc`](npm/cli@81137fc) [#7803](npm/cli#7803) update `@npmcli/promise-spawn@8.0.1`
-   [`2076368`](npm/cli@2076368) [#7803](npm/cli#7803) update `@npmcli/package-json@6.0.1`
-   [`feac87c`](npm/cli@feac87c) [#7803](npm/cli#7803) update `@npmcli/map-workspaces@4.0.1`
-   [`dd90f9e`](npm/cli@dd90f9e) [#7803](npm/cli#7803) update `@npmcli/fs@4.0.0`

##### Chores

-   [`95e2cb1`](npm/cli@95e2cb1) [#7810](npm/cli#7810) ignore .github folder in release-please ([@reggi](https://github.com/reggi))
-   [`be1e6da`](npm/cli@be1e6da) [#7803](npm/cli#7803) update `minify-registry-metadata@4.0.0` ([@reggi](https://github.com/reggi))
-   [`43f2374`](npm/cli@43f2374) [#7803](npm/cli#7803) update `ignore-walk@7.0.0` ([@reggi](https://github.com/reggi))
-   [`bb03036`](npm/cli@bb03036) [#7803](npm/cli#7803) update `npm-packlist@9.0.0` ([@reggi](https://github.com/reggi))
-   [`2072705`](npm/cli@2072705) [#7803](npm/cli#7803) update `@npmcli/eslint-config@5.0.1` ([@reggi](https://github.com/reggi))
-   [`949d8f8`](npm/cli@949d8f8) [#7803](npm/cli#7803) engine ^18.17.0 || >=20.5.0 in package template ([@reggi](https://github.com/reggi))
-   [`fefd509`](npm/cli@fefd509) [#7764](npm/cli#7764) deps: bump actions/download-artifact from 3 to 4 in /.github/workflows ([#7764](npm/cli#7764)) ([@dependabot](https://github.com/dependabot)\[bot], [@wraithgar](https://github.com/wraithgar))
-   [workspace](https://github.com/npm/cli/releases/tag/arborist-v8.0.0): `@npmcli/arborist@8.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/config-v9.0.0): `@npmcli/config@9.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmaccess-v9.0.0): `libnpmaccess@9.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmdiff-v7.0.0): `libnpmdiff@7.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmexec-v9.0.0): `libnpmexec@9.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmfund-v6.0.0): `libnpmfund@6.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmhook-v11.0.0): `libnpmhook@11.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmorg-v7.0.0): `libnpmorg@7.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmpack-v8.0.0): `libnpmpack@8.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmpublish-v10.0.0): `libnpmpublish@10.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmsearch-v8.0.0): `libnpmsearch@8.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmteam-v7.0.0): `libnpmteam@7.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmversion-v7.0.0): `libnpmversion@7.0.0`
zemnmez-renovate-bot added a commit to zemn-me/monorepo that referenced this pull request Oct 3, 2024
##### [`v10.9.0](https://github.com/npm/cli/blob/HEAD/CHANGELOG.md#1090-2024-10-03)

##### Features

-   [`4d57928`](npm/cli@4d57928) [#7766](npm/cli#7766) devEngines ([#7766](npm/cli#7766)) ([@reggi](https://github.com/reggi))

##### Bug Fixes

-   [`6ca609e`](npm/cli@6ca609e) [#7789](npm/cli#7789) ping and doctor commands fix for checking if registry is online ([#7789](npm/cli#7789)) ([@milaninfy](https://github.com/milaninfy))

##### Documentation

-   [`63d6a73`](npm/cli@63d6a73) [#7783](npm/cli#7783) package.json: add brief section on exports, link to Node.js docs ([#7783](npm/cli#7783)) ([@wheresrhys](https://github.com/wheresrhys))
-   [`366c07e`](npm/cli@366c07e) [#7776](npm/cli#7776) remove incorrect note about npm install ([#7776](npm/cli#7776)) ([@wraithgar](https://github.com/wraithgar))

##### Dependencies

-   [`60a7ee5`](npm/cli@60a7ee5) [#7803](npm/cli#7803) hoist npm-normalize-package-bin
-   [`20dd44f`](npm/cli@20dd44f) [#7803](npm/cli#7803) hoist minipass-fetch
-   [`5795987`](npm/cli@5795987) [#7803](npm/cli#7803) update `proggy@3.0.0`
-   [`99ccae3`](npm/cli@99ccae3) [#7803](npm/cli#7803) update `bin-links@5.0.0`
-   [`75786ad`](npm/cli@75786ad) [#7803](npm/cli#7803) update `@npmcli/query@4.0.0`
-   [`1c25a1d`](npm/cli@1c25a1d) [#7803](npm/cli#7803) update `@npmcli/node-gyp@4.0.0`
-   [`2d7fc3d`](npm/cli@2d7fc3d) [#7803](npm/cli#7803) update `@npmcli/name-from-folder@3.0.0`
-   [`1e09334`](npm/cli@1e09334) [#7803](npm/cli#7803) update `@npmcli/metavuln-calculator@8.0.0`
-   [`820e983`](npm/cli@820e983) [#7803](npm/cli#7803) update `@npmcli/installed-package-contents@3.0.0`
-   [`9cd6603`](npm/cli@9cd6603) [#7803](npm/cli#7803) update `read-package-json-fast@4.0.0`
-   [`b84d907`](npm/cli@b84d907) [#7803](npm/cli#7803) update `@npmcli/git@6.0.1`
-   [`53ed632`](npm/cli@53ed632) [#7803](npm/cli#7803) update `write-file-atomic@6.0.0`
-   [`ab40dab`](npm/cli@ab40dab) [#7803](npm/cli#7803) update `which@5.0.0`
-   [`b1c4770`](npm/cli@b1c4770) [#7803](npm/cli#7803) update `validate-npm-package-name@6.0.0`
-   [`8206c4f`](npm/cli@8206c4f) [#7803](npm/cli#7803) update `ssri@12.0.0`
-   [`8b7dbc8`](npm/cli@8b7dbc8) [#7803](npm/cli#7803) update `read@4.0.0`
-   [`f6909a0`](npm/cli@f6909a0) [#7803](npm/cli#7803) update `proc-log@5.0.0`
-   [`f9b2e18`](npm/cli@f9b2e18) [#7803](npm/cli#7803) update `parse-conflict-json@4.0.0`
-   [`e7ab206`](npm/cli@e7ab206) [#7803](npm/cli#7803) update `pacote@19.0.0`
-   [`b28dbb1`](npm/cli@b28dbb1) [#7803](npm/cli#7803) update `npm-user-validate@3.0.0`
-   [`d13a20b`](npm/cli@d13a20b) [#7803](npm/cli#7803) update `npm-registry-fetch@18.0.1`
-   [`5208f74`](npm/cli@5208f74) [#7803](npm/cli#7803) update `npm-profile@11.0.1`
-   [`092f41f`](npm/cli@092f41f) [#7803](npm/cli#7803) update `npm-pick-manifest@10.0.0`
-   [`50a7bc8`](npm/cli@50a7bc8) [#7803](npm/cli#7803) update `npm-package-arg@12.0.0`
-   [`591130d`](npm/cli@591130d) [#7803](npm/cli#7803) update `npm-install-checks@7.1.0`
-   [`be6ae96`](npm/cli@be6ae96) [#7803](npm/cli#7803) update `npm-audit-report@6.0.0`
-   [`8d4060a`](npm/cli@8d4060a) [#7803](npm/cli#7803) update `normalize-package-data@7.0.0`
-   [`105fa2b`](npm/cli@105fa2b) [#7803](npm/cli#7803) update `nopt@8.0.0`
-   [`eae4f57`](npm/cli@eae4f57) [#7803](npm/cli#7803) update `make-fetch-happen@14.0.1`
-   [`7214149`](npm/cli@7214149) [#7803](npm/cli#7803) update `json-parse-even-better-errors@4.0.0`
-   [`c4bed31`](npm/cli@c4bed31) [#7803](npm/cli#7803) update `init-package-json@7.0.1`
-   [`f54b155`](npm/cli@f54b155) [#7803](npm/cli#7803) update `ini@5.0.0`
-   [`6deae9e`](npm/cli@6deae9e) [#7803](npm/cli#7803) update `hosted-git-info@8.0.0`
-   [`034c729`](npm/cli@034c729) [#7803](npm/cli#7803) update `cacache@19.0.1`
-   [`ddb8be0`](npm/cli@ddb8be0) [#7803](npm/cli#7803) update `abbrev@3.0.0`
-   [`538a4cc`](npm/cli@538a4cc) [#7803](npm/cli#7803) update `@npmcli/run-script@9.0.1`
-   [`b80d048`](npm/cli@b80d048) [#7803](npm/cli#7803) update `@npmcli/redact@3.0.0`
-   [`81137fc`](npm/cli@81137fc) [#7803](npm/cli#7803) update `@npmcli/promise-spawn@8.0.1`
-   [`2076368`](npm/cli@2076368) [#7803](npm/cli#7803) update `@npmcli/package-json@6.0.1`
-   [`feac87c`](npm/cli@feac87c) [#7803](npm/cli#7803) update `@npmcli/map-workspaces@4.0.1`
-   [`dd90f9e`](npm/cli@dd90f9e) [#7803](npm/cli#7803) update `@npmcli/fs@4.0.0`

##### Chores

-   [`95e2cb1`](npm/cli@95e2cb1) [#7810](npm/cli#7810) ignore .github folder in release-please ([@reggi](https://github.com/reggi))
-   [`be1e6da`](npm/cli@be1e6da) [#7803](npm/cli#7803) update `minify-registry-metadata@4.0.0` ([@reggi](https://github.com/reggi))
-   [`43f2374`](npm/cli@43f2374) [#7803](npm/cli#7803) update `ignore-walk@7.0.0` ([@reggi](https://github.com/reggi))
-   [`bb03036`](npm/cli@bb03036) [#7803](npm/cli#7803) update `npm-packlist@9.0.0` ([@reggi](https://github.com/reggi))
-   [`2072705`](npm/cli@2072705) [#7803](npm/cli#7803) update `@npmcli/eslint-config@5.0.1` ([@reggi](https://github.com/reggi))
-   [`949d8f8`](npm/cli@949d8f8) [#7803](npm/cli#7803) engine ^18.17.0 || >=20.5.0 in package template ([@reggi](https://github.com/reggi))
-   [`fefd509`](npm/cli@fefd509) [#7764](npm/cli#7764) deps: bump actions/download-artifact from 3 to 4 in /.github/workflows ([#7764](npm/cli#7764)) ([@dependabot](https://github.com/dependabot)\[bot], [@wraithgar](https://github.com/wraithgar))
-   [workspace](https://github.com/npm/cli/releases/tag/arborist-v8.0.0): `@npmcli/arborist@8.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/config-v9.0.0): `@npmcli/config@9.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmaccess-v9.0.0): `libnpmaccess@9.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmdiff-v7.0.0): `libnpmdiff@7.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmexec-v9.0.0): `libnpmexec@9.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmfund-v6.0.0): `libnpmfund@6.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmhook-v11.0.0): `libnpmhook@11.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmorg-v7.0.0): `libnpmorg@7.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmpack-v8.0.0): `libnpmpack@8.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmpublish-v10.0.0): `libnpmpublish@10.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmsearch-v8.0.0): `libnpmsearch@8.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmteam-v7.0.0): `libnpmteam@7.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmversion-v7.0.0): `libnpmversion@7.0.0`
github-merge-queue bot pushed a commit to zemn-me/monorepo that referenced this pull request Oct 3, 2024
##### [`v10.9.0](https://github.com/npm/cli/blob/HEAD/CHANGELOG.md#1090-2024-10-03)

##### Features

-   [`4d57928`](npm/cli@4d57928) [#7766](npm/cli#7766) devEngines ([#7766](npm/cli#7766)) ([@reggi](https://github.com/reggi))

##### Bug Fixes

-   [`6ca609e`](npm/cli@6ca609e) [#7789](npm/cli#7789) ping and doctor commands fix for checking if registry is online ([#7789](npm/cli#7789)) ([@milaninfy](https://github.com/milaninfy))

##### Documentation

-   [`63d6a73`](npm/cli@63d6a73) [#7783](npm/cli#7783) package.json: add brief section on exports, link to Node.js docs ([#7783](npm/cli#7783)) ([@wheresrhys](https://github.com/wheresrhys))
-   [`366c07e`](npm/cli@366c07e) [#7776](npm/cli#7776) remove incorrect note about npm install ([#7776](npm/cli#7776)) ([@wraithgar](https://github.com/wraithgar))

##### Dependencies

-   [`60a7ee5`](npm/cli@60a7ee5) [#7803](npm/cli#7803) hoist npm-normalize-package-bin
-   [`20dd44f`](npm/cli@20dd44f) [#7803](npm/cli#7803) hoist minipass-fetch
-   [`5795987`](npm/cli@5795987) [#7803](npm/cli#7803) update `proggy@3.0.0`
-   [`99ccae3`](npm/cli@99ccae3) [#7803](npm/cli#7803) update `bin-links@5.0.0`
-   [`75786ad`](npm/cli@75786ad) [#7803](npm/cli#7803) update `@npmcli/query@4.0.0`
-   [`1c25a1d`](npm/cli@1c25a1d) [#7803](npm/cli#7803) update `@npmcli/node-gyp@4.0.0`
-   [`2d7fc3d`](npm/cli@2d7fc3d) [#7803](npm/cli#7803) update `@npmcli/name-from-folder@3.0.0`
-   [`1e09334`](npm/cli@1e09334) [#7803](npm/cli#7803) update `@npmcli/metavuln-calculator@8.0.0`
-   [`820e983`](npm/cli@820e983) [#7803](npm/cli#7803) update `@npmcli/installed-package-contents@3.0.0`
-   [`9cd6603`](npm/cli@9cd6603) [#7803](npm/cli#7803) update `read-package-json-fast@4.0.0`
-   [`b84d907`](npm/cli@b84d907) [#7803](npm/cli#7803) update `@npmcli/git@6.0.1`
-   [`53ed632`](npm/cli@53ed632) [#7803](npm/cli#7803) update `write-file-atomic@6.0.0`
-   [`ab40dab`](npm/cli@ab40dab) [#7803](npm/cli#7803) update `which@5.0.0`
-   [`b1c4770`](npm/cli@b1c4770) [#7803](npm/cli#7803) update `validate-npm-package-name@6.0.0`
-   [`8206c4f`](npm/cli@8206c4f) [#7803](npm/cli#7803) update `ssri@12.0.0`
-   [`8b7dbc8`](npm/cli@8b7dbc8) [#7803](npm/cli#7803) update `read@4.0.0`
-   [`f6909a0`](npm/cli@f6909a0) [#7803](npm/cli#7803) update `proc-log@5.0.0`
-   [`f9b2e18`](npm/cli@f9b2e18) [#7803](npm/cli#7803) update `parse-conflict-json@4.0.0`
-   [`e7ab206`](npm/cli@e7ab206) [#7803](npm/cli#7803) update `pacote@19.0.0`
-   [`b28dbb1`](npm/cli@b28dbb1) [#7803](npm/cli#7803) update `npm-user-validate@3.0.0`
-   [`d13a20b`](npm/cli@d13a20b) [#7803](npm/cli#7803) update `npm-registry-fetch@18.0.1`
-   [`5208f74`](npm/cli@5208f74) [#7803](npm/cli#7803) update `npm-profile@11.0.1`
-   [`092f41f`](npm/cli@092f41f) [#7803](npm/cli#7803) update `npm-pick-manifest@10.0.0`
-   [`50a7bc8`](npm/cli@50a7bc8) [#7803](npm/cli#7803) update `npm-package-arg@12.0.0`
-   [`591130d`](npm/cli@591130d) [#7803](npm/cli#7803) update `npm-install-checks@7.1.0`
-   [`be6ae96`](npm/cli@be6ae96) [#7803](npm/cli#7803) update `npm-audit-report@6.0.0`
-   [`8d4060a`](npm/cli@8d4060a) [#7803](npm/cli#7803) update `normalize-package-data@7.0.0`
-   [`105fa2b`](npm/cli@105fa2b) [#7803](npm/cli#7803) update `nopt@8.0.0`
-   [`eae4f57`](npm/cli@eae4f57) [#7803](npm/cli#7803) update `make-fetch-happen@14.0.1`
-   [`7214149`](npm/cli@7214149) [#7803](npm/cli#7803) update `json-parse-even-better-errors@4.0.0`
-   [`c4bed31`](npm/cli@c4bed31) [#7803](npm/cli#7803) update `init-package-json@7.0.1`
-   [`f54b155`](npm/cli@f54b155) [#7803](npm/cli#7803) update `ini@5.0.0`
-   [`6deae9e`](npm/cli@6deae9e) [#7803](npm/cli#7803) update `hosted-git-info@8.0.0`
-   [`034c729`](npm/cli@034c729) [#7803](npm/cli#7803) update `cacache@19.0.1`
-   [`ddb8be0`](npm/cli@ddb8be0) [#7803](npm/cli#7803) update `abbrev@3.0.0`
-   [`538a4cc`](npm/cli@538a4cc) [#7803](npm/cli#7803) update `@npmcli/run-script@9.0.1`
-   [`b80d048`](npm/cli@b80d048) [#7803](npm/cli#7803) update `@npmcli/redact@3.0.0`
-   [`81137fc`](npm/cli@81137fc) [#7803](npm/cli#7803) update `@npmcli/promise-spawn@8.0.1`
-   [`2076368`](npm/cli@2076368) [#7803](npm/cli#7803) update `@npmcli/package-json@6.0.1`
-   [`feac87c`](npm/cli@feac87c) [#7803](npm/cli#7803) update `@npmcli/map-workspaces@4.0.1`
-   [`dd90f9e`](npm/cli@dd90f9e) [#7803](npm/cli#7803) update `@npmcli/fs@4.0.0`

##### Chores

-   [`95e2cb1`](npm/cli@95e2cb1) [#7810](npm/cli#7810) ignore .github folder in release-please ([@reggi](https://github.com/reggi))
-   [`be1e6da`](npm/cli@be1e6da) [#7803](npm/cli#7803) update `minify-registry-metadata@4.0.0` ([@reggi](https://github.com/reggi))
-   [`43f2374`](npm/cli@43f2374) [#7803](npm/cli#7803) update `ignore-walk@7.0.0` ([@reggi](https://github.com/reggi))
-   [`bb03036`](npm/cli@bb03036) [#7803](npm/cli#7803) update `npm-packlist@9.0.0` ([@reggi](https://github.com/reggi))
-   [`2072705`](npm/cli@2072705) [#7803](npm/cli#7803) update `@npmcli/eslint-config@5.0.1` ([@reggi](https://github.com/reggi))
-   [`949d8f8`](npm/cli@949d8f8) [#7803](npm/cli#7803) engine ^18.17.0 || >=20.5.0 in package template ([@reggi](https://github.com/reggi))
-   [`fefd509`](npm/cli@fefd509) [#7764](npm/cli#7764) deps: bump actions/download-artifact from 3 to 4 in /.github/workflows ([#7764](npm/cli#7764)) ([@dependabot](https://github.com/dependabot)\[bot], [@wraithgar](https://github.com/wraithgar))
-   [workspace](https://github.com/npm/cli/releases/tag/arborist-v8.0.0): `@npmcli/arborist@8.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/config-v9.0.0): `@npmcli/config@9.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmaccess-v9.0.0): `libnpmaccess@9.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmdiff-v7.0.0): `libnpmdiff@7.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmexec-v9.0.0): `libnpmexec@9.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmfund-v6.0.0): `libnpmfund@6.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmhook-v11.0.0): `libnpmhook@11.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmorg-v7.0.0): `libnpmorg@7.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmpack-v8.0.0): `libnpmpack@8.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmpublish-v10.0.0): `libnpmpublish@10.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmsearch-v8.0.0): `libnpmsearch@8.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmteam-v7.0.0): `libnpmteam@7.0.0`
-   [workspace](https://github.com/npm/cli/releases/tag/libnpmversion-v7.0.0): `libnpmversion@7.0.0`
@styfle
Copy link
Contributor

styfle commented Oct 3, 2024

onFail can be warn, error, or ignore, and if left undefined is of the same value as error.

What happens when "onFail": "download"? Are there plans to implement that?

@wraithgar
Copy link
Member

onFail can be warn, error, or ignore, and if left undefined is of the same value as error.

What happens when "onFail": "download"? Are there plans to implement that?

npm treats that as error.

https://github.com/npm/npm-install-checks/blob/4751cb40207cf48ac21ac041b0c239e3c10d37e0/lib/dev-engines.js#L124-L126

There are no plans for npm to automatically download via this spec.

reggi added a commit to npm/types that referenced this pull request Oct 7, 2024
Adds new "devEngines" field to package.json type.

This would wait for this to land in the cli and be released.

npm/cli#7766
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants