npm · wraithgar · Jan 17, 2025 · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025
@@ -124,7 +124,6 @@ class BaseCommand {
     } else if (!this.npm.config.isDefault('expect-result-count')) {
       const expected = this.npm.config.get('expect-result-count')
       if (expected !== entries) {
-        /* eslint-disable-next-line max-len */
         log.warn(this.name, `Expected ${expected} result${expected === 1 ? '' : 's'}, got ${entries}`)
         process.exitCode = 1
       }

@@ -1,5 +1,3 @@
-/* eslint-disable max-len */
-
 // Separated out for easier unit testing
 module.exports = async (process, validateEngines) => {
   // set it here so that regardless of what happens later, we don't

@@ -11,10 +11,8 @@ const npm = `v${version}`
 module.exports = (process, getCli) => {
   const node = process.version
 
-  /* eslint-disable-next-line max-len */
   const unsupportedMessage = `npm ${npm} does not support Node.js ${node}. This version of npm supports the following node versions: \`${engines}\`. You can find the latest version at https://nodejs.org/.`
 
-  /* eslint-disable-next-line max-len */
   const brokenMessage = `ERROR: npm ${npm} is known not to run on Node.js ${node}.  This version of npm supports the following node versions: \`${engines}\`. You can find the latest version at https://nodejs.org/.`
 
   // coverage ignored because this is only hit in very unsupported node versions

@@ -10,7 +10,6 @@ const localeCompare = require('@isaacs/string-locale-compare')('en')
 const { log, output } = require('proc-log')
 
 const searchCachePackage = async (path, parsed, cacheKeys) => {
-  /* eslint-disable-next-line max-len */
   const searchMFH = new RegExp(`^make-fetch-happen:request-cache:.*(?<!/[@a-zA-Z]+)/${parsed.name}/-/(${parsed.name}[^/]+.tgz)$`)
   const searchPack = new RegExp(`^make-fetch-happen:request-cache:.*/${parsed.escapedName}$`)
   const results = new Set()
@@ -181,7 +180,6 @@ class Cache extends BaseCommand {
       output.standard(`Corrupted content removed: ${stats.badContentCount}`)
     }
     if (stats.reclaimedCount) {
-      /* eslint-disable-next-line max-len */
       output.standard(`Content garbage-collected: ${stats.reclaimedCount} (${stats.reclaimedSize} bytes)`)
     }
     if (stats.missingContent) {

@@ -128,7 +128,6 @@ class Doctor extends BaseCommand {
 
     if (!allOk) {
       if (this.npm.silent) {
-        /* eslint-disable-next-line max-len */
         throw new Error('Some problems found. Check logs or disable silent mode for recommendations.')
       } else {
         throw new Error('Some problems found. See above for recommendations.')

@@ -115,7 +115,6 @@ class Install extends ArboristWorkspaceCmd {
         if (forced) {
           log.warn(
             'install',
-            /* eslint-disable-next-line max-len */
             `Forcing global npm install with incompatible version ${npmManifest.version} into node ${process.version}`
           )
         } else {

@@ -61,7 +61,6 @@ class Org extends BaseCommand {
 
     if (!['owner', 'admin', 'developer'].find(x => x === role)) {
       throw new Error(
-        /* eslint-disable-next-line max-len */
         'Third argument `role` must be one of `owner`, `admin`, or `developer`, with `developer` being the default value if omitted.'
       )
     }

@@ -61,7 +61,6 @@ class Publish extends BaseCommand {
         if (err.code !== 'EPRIVATE') {
           throw err
         }
-        // eslint-disable-next-line max-len
         log.warn('publish', `Skipping workspace ${this.npm.chalk.cyan(name)}, marked as ${this.npm.chalk.bold('private')}`)
       }
     }
@@ -117,7 +116,7 @@ class Publish extends BaseCommand {
     manifest = await this.#getManifest(spec, opts, true)
 
     const isPreRelease = Boolean(semver.parse(manifest.version).prerelease.length)
-    const isDefaultTag = this.npm.config.isDefault('tag')
+    const isDefaultTag = this.npm.config.isDefault('tag') && !manifest.publishConfig?.tag
 
     if (isPreRelease && isDefaultTag) {
       throw new Error('You must specify a tag using --tag when publishing a prerelease version.')
@@ -157,11 +156,10 @@ class Publish extends BaseCommand {
       }
     }
 
-    const latestVersion = await this.#latestPublishedVersion(resolved, registry)
+    const latestVersion = await this.#highestPublishedVersion(resolved, registry)
     const latestSemverIsGreater = !!latestVersion && semver.gte(latestVersion, manifest.version)
 
     if (latestSemverIsGreater && isDefaultTag) {
-      /* eslint-disable-next-line max-len */
       throw new Error(`Cannot implicitly apply the "latest" tag because published version ${latestVersion} is higher than the new version ${manifest.version}. You must specify a tag using --tag.`)
     }
 
@@ -204,7 +202,7 @@ class Publish extends BaseCommand {
     }
   }
 
-  async #latestPublishedVersion (spec, registry) {
+  async #highestPublishedVersion (spec, registry) {
     try {
       const packument = await pacote.packument(spec, {
         ...this.npm.flatOptions,
@@ -217,7 +215,10 @@ class Publish extends BaseCommand {
       const ordered = Object.keys(packument?.versions)
         .flatMap(v => {
           const s = new semver.SemVer(v)
-          return s.prerelease.length > 0 ? [] : s
+          if ((s.prerelease.length > 0) || packument.versions[v].deprecated) {
+            return []
+          }
+          return s
         })
         .sort((a, b) => b.compare(a))
       return ordered.length >= 1 ? ordered[0].version : null
@@ -235,7 +236,6 @@ class Publish extends BaseCommand {
       const changes = []
       const pkg = await pkgJson.fix(spec.fetchSpec, { changes })
       if (changes.length && logWarnings) {
-        /* eslint-disable-next-line max-len */
         log.warn('publish', 'npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.')
         log.warn('publish', `errors corrected:\n${changes.join('\n')}`)
       }

@@ -27,7 +27,6 @@ class SBOM extends BaseCommand {
     const packageLockOnly = this.npm.config.get('package-lock-only')
 
     if (!sbomFormat) {
-      /* eslint-disable-next-line max-len */
       throw this.usageError(`Must specify --sbom-format flag with one of: ${SBOM_FORMATS.join(', ')}.`)
     }
 
@@ -40,7 +39,6 @@ class SBOM extends BaseCommand {
     const arb = new Arborist(opts)
 
     const tree = packageLockOnly ? await arb.loadVirtual(opts).catch(() => {
-      /* eslint-disable-next-line max-len */
       throw this.usageError('A package lock or shrinkwrap file is required in package-lock-only mode')
     }) : await arb.loadActual(opts)
 

@@ -73,7 +73,6 @@ class Token extends BaseCommand {
     for (const token of tokens) {
       const level = token.readonly ? 'Read only token' : 'Publish token'
       const created = String(token.created).slice(0, 10)
-      /* eslint-disable-next-line max-len */
       output.standard(`${chalk.blue(level)} ${token.token}… with id ${chalk.cyan(token.id)} created ${created}`)
       if (token.cidr_whitelist) {
         output.standard(`with IP whitelist: ${chalk.green(token.cidr_whitelist.join(','))}`)
@@ -99,7 +98,6 @@ class Token extends BaseCommand {
         toRemove.push(matches[0].key)
       } else if (matches.length > 1) {
         throw new Error(
-          /* eslint-disable-next-line max-len */
           `Token ID "${id}" was ambiguous, a new token may have been created since you last ran \`npm token list\`.`
         )
       } else {

@@ -22,7 +22,6 @@ class Version extends BaseCommand {
   static workspaces = true
   static ignoreImplicitWorkspace = false
 
-  /* eslint-disable-next-line max-len */
   static usage = ['[<newversion> | major | minor | patch | premajor | preminor | prepatch | prerelease | from-git]']
 
   static async completion (opts) {

@@ -19,7 +19,6 @@ const didYouMean = (pkg, scmd) => {
       .map(str => [`run ${str}`, `run the "${str}" package script`]),
     ...Object.keys(bin)
       .filter(cmd => isClose(scmd, cmd))
-      /* eslint-disable-next-line max-len */
       .map(str => [`exec ${str}`, `run the "${str}" command from either this or a remote npm package`]),
   ]
 

@@ -1,4 +1,3 @@
-/* eslint-disable max-len */
 const { stripVTControlCharacters: strip } = require('node:util')
 const { Minipass } = require('minipass')
 
@@ -83,7 +82,10 @@ class TextOutputStream extends Minipass {
   constructor (opts) {
     super()
     // Consider a search for "cowboys" and "boy".  If we highlight "boys" first the "cowboys" string will no longer string match because of the ansi highlighting added to "boys".  If we highlight "boy" second then the ansi reset at the end will make the highlighting only on "cowboy" with a normal "s".  Neither is perfect but at least the first option doesn't do partial highlighting. So, we sort strings smaller to larger
-    this.#args = opts.args.map(s => s.toLowerCase()).filter(Boolean).sort((a, b) => a.length - b.length)
+    this.#args = opts.args
+      .map(s => s.toLowerCase())
+      .filter(Boolean)
+      .sort((a, b) => a.length - b.length)
     this.#chalk = opts.npm.chalk
     this.#exclude = opts.exclude
     this.#parseable = opts.parseable

@@ -50,7 +50,6 @@ const reifyOutput = (npm, arb) => {
         switch (d.action) {
           case 'REMOVE':
             if (showDiff) {
-              /* eslint-disable-next-line max-len */
               output.standard(`${chalk.blue('remove')} ${d.actual.name} ${d.actual.package.version}`)
             }
             summary.removed++
@@ -63,7 +62,6 @@ const reifyOutput = (npm, arb) => {
             break
           case 'CHANGE':
             if (showDiff) {
-              /* eslint-disable-next-line max-len */
               output.standard(`${chalk.cyan('change')} ${d.actual.name} ${d.actual.package.version} => ${d.ideal.package.version}`)
             }
             summary.changed++

@@ -36,7 +36,6 @@ const logTar = (tarball, { unicode = false, json, key } = {}) => {
   log.notice('', `package size: ${formatBytes(tarball.size)}`)
   log.notice('', `unpacked size: ${formatBytes(tarball.unpackedSize)}`)
   log.notice('', `shasum: ${tarball.shasum}`)
-  /* eslint-disable-next-line max-len */
   log.notice('', `integrity: ${tarball.integrity.toString().slice(0, 20)}[...]${tarball.integrity.toString().slice(80)}`)
   if (tarball.bundled.length) {
     log.notice('', `bundled deps: ${tarball.bundled.length}`)

@@ -75,21 +75,17 @@ class VerifySignatures {
     const verifiedBold = this.npm.chalk.bold('verified')
     if (this.verifiedSignatureCount) {
       if (this.verifiedSignatureCount === 1) {
-        /* eslint-disable-next-line max-len */
         output.standard(`${this.verifiedSignatureCount} package has a ${verifiedBold} registry signature`)
       } else {
-        /* eslint-disable-next-line max-len */
         output.standard(`${this.verifiedSignatureCount} packages have ${verifiedBold} registry signatures`)
       }
       output.standard('')
     }
 
     if (this.verifiedAttestationCount) {
       if (this.verifiedAttestationCount === 1) {
-        /* eslint-disable-next-line max-len */
         output.standard(`${this.verifiedAttestationCount} package has a ${verifiedBold} attestation`)
       } else {
-        /* eslint-disable-next-line max-len */
         output.standard(`${this.verifiedAttestationCount} packages have ${verifiedBold} attestations`)
       }
       output.standard('')
@@ -98,10 +94,8 @@ class VerifySignatures {
     if (missing.length) {
       const missingClr = this.npm.chalk.redBright('missing')
       if (missing.length === 1) {
-        /* eslint-disable-next-line max-len */
         output.standard(`1 package has a ${missingClr} registry signature but the registry is providing signing keys:`)
       } else {
-        /* eslint-disable-next-line max-len */
         output.standard(`${missing.length} packages have ${missingClr} registry signatures but the registry is providing signing keys:`)
       }
       output.standard('')
@@ -121,7 +115,6 @@ class VerifySignatures {
         if (invalidSignatures.length === 1) {
           output.standard(`1 package has an ${invalidClr} registry signature:`)
         } else {
-          /* eslint-disable-next-line max-len */
           output.standard(`${invalidSignatures.length} packages have ${invalidClr} registry signatures:`)
         }
         output.standard('')
@@ -136,7 +129,6 @@ class VerifySignatures {
         if (invalidAttestations.length === 1) {
           output.standard(`1 package has an ${invalidClr} attestation:`)
         } else {
-          /* eslint-disable-next-line max-len */
           output.standard(`${invalidAttestations.length} packages have ${invalidClr} attestations:`)
         }
         output.standard('')
@@ -147,10 +139,8 @@ class VerifySignatures {
       }
 
       if (invalid.length === 1) {
-        /* eslint-disable-next-line max-len */
         output.standard(`Someone might have tampered with this package since it was published on the registry!`)
       } else {
-        /* eslint-disable-next-line max-len */
         output.standard(`Someone might have tampered with these packages since they were published on the registry!`)
       }
       output.standard('')

@@ -157,7 +157,7 @@
       },
       "devDependencies": {
         "@npmcli/docs": "^1.0.0",
-        "@npmcli/eslint-config": "^5.0.1",
+        "@npmcli/eslint-config": "^5.1.0",
         "@npmcli/git": "^6.0.1",
         "@npmcli/mock-globals": "^1.0.0",
         "@npmcli/mock-registry": "^1.0.0",
@@ -3411,9 +3411,9 @@
       "link": true
     },
     "node_modules/@npmcli/eslint-config": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/@npmcli/eslint-config/-/eslint-config-5.0.1.tgz",
-      "integrity": "sha512-S/YyfSAyiQWGzXBeX8D/Fe363628zXwraLVbRe080VdWn9FdT9ILVk55ATRpAXefa5JJwgsbMM5vA1V9tDrjqw==",
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/@npmcli/eslint-config/-/eslint-config-5.1.0.tgz",
+      "integrity": "sha512-L4FAYndvARxkbTBNbsbDDkArIf8A8WmTFGVKdevJ3jd9nPzDKWiuC9TW0QtEnRsFHr5IX7G6qkRLK+drLIGoEA==",
       "dev": true,
       "license": "ISC",
       "dependencies": {

@@ -188,7 +188,7 @@
   ],
   "devDependencies": {
     "@npmcli/docs": "^1.0.0",
-    "@npmcli/eslint-config": "^5.0.1",
+    "@npmcli/eslint-config": "^5.1.0",
     "@npmcli/git": "^6.0.1",
     "@npmcli/mock-globals": "^1.0.0",
     "@npmcli/mock-registry": "^1.0.0",

@@ -134,7 +134,7 @@ silly logfile done cleaning log files
 verbose stack Error: The developer of this package has specified the following through devEngines
 verbose stack Invalid engine "runtime"
 verbose stack Invalid name "nondescript" does not match "node" for "runtime"
-verbose stack     at Install.checkDevEngines ({CWD}/lib/base-cmd.js:182:27)
+verbose stack     at Install.checkDevEngines ({CWD}/lib/base-cmd.js:181:27)
 verbose stack     at MockNpm.#exec ({CWD}/lib/npm.js:251:7)
 verbose stack     at MockNpm.exec ({CWD}/lib/npm.js:207:9)
 error code EBADDEVENGINES
@@ -199,7 +199,7 @@ warn EBADDEVENGINES }
 verbose stack Error: The developer of this package has specified the following through devEngines
 verbose stack Invalid engine "runtime"
 verbose stack Invalid name "nondescript" does not match "node" for "runtime"
-verbose stack     at Install.checkDevEngines ({CWD}/lib/base-cmd.js:182:27)
+verbose stack     at Install.checkDevEngines ({CWD}/lib/base-cmd.js:181:27)
 verbose stack     at MockNpm.#exec ({CWD}/lib/npm.js:251:7)
 verbose stack     at MockNpm.exec ({CWD}/lib/npm.js:207:9)
 error code EBADDEVENGINES
@@ -225,7 +225,7 @@ silly logfile done cleaning log files
 verbose stack Error: The developer of this package has specified the following through devEngines
 verbose stack Invalid engine "runtime"
 verbose stack Invalid name "nondescript" does not match "node" for "runtime"
-verbose stack     at Install.checkDevEngines ({CWD}/lib/base-cmd.js:182:27)
+verbose stack     at Install.checkDevEngines ({CWD}/lib/base-cmd.js:181:27)
 verbose stack     at MockNpm.#exec ({CWD}/lib/npm.js:251:7)
 verbose stack     at MockNpm.exec ({CWD}/lib/npm.js:207:9)
 error code EBADDEVENGINES