[pull] latest from npm:latest #14

@pull pull bot commented Oct 19, 2024

See Commits and Changes for more details.


Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

wraithgar and others added 30 commits August 21, 2024 06:47
The [Auth related
configuration](https://docs.npmjs.com/cli/v10/configuring-npm/npmrc#auth-related-configuration)
docs contain a mistakenly commented configuration line.
This PR makes the scope examples clearer by adding newlines and
uncommenting the valid configuration line.
This PR fixes an issue where the `npm publish` command would fail when
run from within a workspace directory with package-spec

fixes: #7726
Updating Docs for 
`npmrc` 
- Updated example config, instead of `prefix` which can not be changed
for project, instead added `cache` which can be used for all three
config types project, user and global
 
 `package-json` 
- added alias example in package-json docs, which can be used to define
alias for a package

closes: #6839
closes: #7188
Updated `npm init <pkg-spec>` command usage documentation for npx
equivalent command format `npx create-<pkg-spec>`
Fixes: #7011
…orkflows (#7764)

Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 3 to .
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.7</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@​actions/artifact</code> dependency by <a
href="https://github.com/bethanyj28"><code>@​bethanyj28</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/325">actions/download-artifact#325</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7">https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7</a></p>
<h2>v4.1.6</h2>
<h2>What's Changed</h2>
<ul>
<li>updating <code>@actions/artifact</code> dependency to v2.1.6 by <a
href="https://github.com/eggyhead"><code>@​eggyhead</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/324">actions/download-artifact#324</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6">https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6</a></p>
<h2>v4.1.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Update readme with v3/v2/v1 deprecation notice by <a
href="https://github.com/robherley"><code>@​robherley</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/322">actions/download-artifact#322</a></li>
<li>Update dependencies <code>@actions/core</code> to v1.10.1 and
<code>@actions/artifact</code> to v2.1.5</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5">https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5</a></p>
<h2>v4.1.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@​actions/artifact</code> by <a
href="https://github.com/bethanyj28"><code>@​bethanyj28</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/307">actions/download-artifact#307</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4...v4.1.4">https://github.com/actions/download-artifact/compare/v4...v4.1.4</a></p>
<h2>v4.1.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update release-new-action-version.yml by <a
href="https://github.com/konradpabjan"><code>@​konradpabjan</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/292">actions/download-artifact#292</a></li>
<li>Update toolkit dependency with updated unzip logic by <a
href="https://github.com/bethanyj28"><code>@​bethanyj28</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/299">actions/download-artifact#299</a></li>
<li>Update <code>@​actions/artifact</code> by <a
href="https://github.com/bethanyj28"><code>@​bethanyj28</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/303">actions/download-artifact#303</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/bethanyj28"><code>@​bethanyj28</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/299">actions/download-artifact#299</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4...v4.1.3">https://github.com/actions/download-artifact/compare/v4...v4.1.3</a></p>
<h2>v4.1.2</h2>
<ul>
<li>Bump <code>@​actions/artifacts</code> to latest version to include
<a href="https://redirect.github.com/actions/toolkit/pull/1648">updated
GHES host check</a></li>
</ul>
<h2>v4.1.1</h2>
<ul>
<li>Fix transient request timeouts <a
href="https://redirect.github.com/actions/download-artifact/issues/249">actions/download-artifact#249</a></li>
<li>Bump <code>@actions/artifacts</code> to latest version</li>
</ul>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Some cleanup by <a
href="https://github.com/robherley"><code>@​robherley</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/247">actions/download-artifact#247</a></li>
<li>Fix default for run-id by <a
href="https://github.com/stchr"><code>@​stchr</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/252">actions/download-artifact#252</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/65a9edc5881444af0b9093a5e628f2fe47ea3b2e"><code>65a9edc</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/325">#325</a>
from bethanyj28/main</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fdd1595981c1a29187d3de99c28c28a166bc38f7"><code>fdd1595</code></a>
licensed</li>
<li><a
href="https://github.com/actions/download-artifact/commit/c13dba102f4bb92b3f679fa086db9e2973960ca7"><code>c13dba1</code></a>
update <code>@​actions/artifact</code> dependency</li>
<li><a
href="https://github.com/actions/download-artifact/commit/0daa75ebeac4617faeb127496dbd716b8bcce26e"><code>0daa75e</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/324">#324</a>
from actions/eggyhead/use-artifact-v2.1.6</li>
<li><a
href="https://github.com/actions/download-artifact/commit/9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395"><code>9c19ed7</code></a>
Merge branch 'main' into eggyhead/use-artifact-v2.1.6</li>
<li><a
href="https://github.com/actions/download-artifact/commit/3d3ea8741ef44e86f7392b41e391bde3c36219bd"><code>3d3ea87</code></a>
updating license</li>
<li><a
href="https://github.com/actions/download-artifact/commit/89af5db8211998d3ca691103a86b0b9362a94286"><code>89af5db</code></a>
updating artifact package v2.1.6</li>
<li><a
href="https://github.com/actions/download-artifact/commit/b4aefff88e83a2676a730654e1ce3dce61880379"><code>b4aefff</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/323">#323</a>
from actions/eggyhead/update-artifact-v215</li>
<li><a
href="https://github.com/actions/download-artifact/commit/8caf195ad4b1dee92908e23f56eeb0696f1dd42d"><code>8caf195</code></a>
package lock update</li>
<li><a
href="https://github.com/actions/download-artifact/commit/d7a2ec411d177e8ca679ac5969b70be59c322700"><code>d7a2ec4</code></a>
updating package version</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/v3...v4.1.7">compare
view</a></li>
</ul>
</details>
---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gar <gar+gh@danger.computer>
npm has not interpreted valid package names as local directories in a long time
#7783)

The package.json docs make no reference to the `exports` property, which
seems like a huge omission

This PR copies a little text from the node.js docs and links to them -
not sure if it's a good solution, but it's a start
…7789)

Ping: Don't use cache so ping does not report ping success incorrectly if
it's offline or no internet
Doctor: Don't use cache for pinging the registry. 

Fixes: #5870
Fixes: #3576
Fixes: #4112

<details>
<summary>Testing of ping and doctor </summary>

```sh
# -- current npm last ping results in cached request replying PONG

~/workarea/npm-cli $ npm ping --registry=http://localhost:4873 -ddd
npm verbose cli /Users/milaninfy/.nvm/versions/node/v22.9.0/bin/node /Users/milaninfy/.nvm/versions/node/v22.9.0/bin/npm
npm info using npm@10.8.3
npm info using node@v22.9.0
npm silly config load:file:/Users/milaninfy/.nvm/versions/node/v22.9.0/lib/node_modules/npm/npmrc
npm silly config load:file:/Users/milaninfy/workarea/npm-cli/.npmrc
npm silly config load:file:/Users/milaninfy/.npmrc
npm silly config load:file:/Users/milaninfy/.nvm/versions/node/v22.9.0/etc/npmrc
npm verbose title npm ping
npm verbose argv "ping" "--registry" "http://localhost:4873" "--loglevel" "silly"
npm verbose logfile logs-max:10 dir:/Users/milaninfy/.npm/_logs/2024-09-26T20_37_04_583Z-
npm verbose logfile /Users/milaninfy/.npm/_logs/2024-09-26T20_37_04_583Z-debug-0.log
npm notice PING http://localhost:4873/
npm silly logfile start cleaning logs, removing 1 files
npm silly logfile done cleaning log files
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 1 failed with ECONNREFUSED
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 2 failed with ECONNREFUSED
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 3 failed with ECONNREFUSED
npm http fetch GET 200 http://localhost:4873/-/ping?write=true 70045ms (cache stale)
npm notice PONG 70046ms
npm verbose cwd /Users/milaninfy/workarea/npm-cli
npm verbose os Darwin 23.6.0
npm verbose node v22.9.0
npm verbose npm  v10.8.3
npm verbose exit 0
npm info ok


# -- After the change npm last ping results in failure after retries

~/workarea/npm-cli $ lnpm ping --registry=http://localhost:4873 -ddd
npm verbose cli /Users/milaninfy/.nvm/versions/node/v22.9.0/bin/node /Users/milaninfy/workarea/npm-cli/index.js
npm info using npm@10.8.3
npm info using node@v22.9.0
npm silly config load:file:/Users/milaninfy/workarea/npm-cli/npmrc
npm silly config load:file:/Users/milaninfy/workarea/npm-cli/.npmrc
npm silly config load:file:/Users/milaninfy/.npmrc
npm silly config load:file:/Users/milaninfy/.nvm/versions/node/v22.9.0/etc/npmrc
npm verbose title npm ping
npm verbose argv "ping" "--registry" "http://localhost:4873" "--loglevel" "silly"
npm verbose logfile logs-max:10 dir:/Users/milaninfy/.npm/_logs/2024-09-26T20_38_51_059Z-
npm verbose logfile /Users/milaninfy/.npm/_logs/2024-09-26T20_38_51_059Z-debug-0.log
npm notice PING http://localhost:4873/
npm silly logfile start cleaning logs, removing 1 files
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 1 failed with ECONNREFUSED
npm silly logfile done cleaning log files
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 2 failed with ECONNREFUSED
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 3 failed with ECONNREFUSED
npm verbose type system
npm verbose stack FetchError: request to http://localhost:4873/-/ping?write=true failed, reason: 
npm verbose stack     at ClientRequest.<anonymous> (/Users/milaninfy/workarea/npm-cli/node_modules/minipass-fetch/lib/index.js:130:14)
npm verbose stack     at ClientRequest.emit (node:events:519:28)
npm verbose stack     at emitErrorEvent (node:_http_client:103:11)
npm verbose stack     at _destroy (node:_http_client:886:9)
npm verbose stack     at onSocketNT (node:_http_client:906:5)
npm verbose stack     at process.processTicksAndRejections (node:internal/process/task_queues:91:21)
npm error code ECONNREFUSED
npm error errno ECONNREFUSED
npm error FetchError: request to http://localhost:4873/-/ping?write=true failed, reason: 
npm error     at ClientRequest.<anonymous> (/Users/milaninfy/workarea/npm-cli/node_modules/minipass-fetch/lib/index.js:130:14)
npm error     at ClientRequest.emit (node:events:519:28)
npm error     at emitErrorEvent (node:_http_client:103:11)
npm error     at _destroy (node:_http_client:886:9)
npm error     at onSocketNT (node:_http_client:906:5)
npm error     at process.processTicksAndRejections (node:internal/process/task_queues:91:21) {
npm error   code: 'ECONNREFUSED',
npm error   errno: 'ECONNREFUSED',
npm error   type: 'system'
npm error }
npm error
npm error If you are behind a proxy, please make sure that the
npm error 'proxy' config is set properly.  See: 'npm help config'
npm verbose cwd /Users/milaninfy/workarea/npm-cli
npm verbose os Darwin 23.6.0
npm verbose node v22.9.0
npm verbose npm  v10.8.3
npm verbose exit 1
npm verbose code 1
npm error A complete log of this run can be found in: /Users/milaninfy/.npm/_logs/2024-09-26T20_38_51_059Z-debug-0.log





# -- npm doctor ping results in success due to cache hit


~/workarea/npm-cli $ npm doctor --registry=http://localhost:4873 -ddd
npm verbose cli /Users/milaninfy/.nvm/versions/node/v22.9.0/bin/node /Users/milaninfy/.nvm/versions/node/v22.9.0/bin/npm
npm info using npm@10.8.3
npm info using node@v22.9.0
npm silly config load:file:/Users/milaninfy/.nvm/versions/node/v22.9.0/lib/node_modules/npm/npmrc
npm silly config load:file:/Users/milaninfy/workarea/npm-cli/.npmrc
npm silly config load:file:/Users/milaninfy/.npmrc
npm silly config load:file:/Users/milaninfy/.nvm/versions/node/v22.9.0/etc/npmrc
npm verbose title npm doctor
npm verbose argv "doctor" "--registry" "http://localhost:4873" "--loglevel" "silly"
npm verbose logfile logs-max:10 dir:/Users/milaninfy/.npm/_logs/2024-09-26T20_40_30_672Z-
npm verbose logfile /Users/milaninfy/.npm/_logs/2024-09-26T20_40_30_672Z-debug-0.log
npm info doctor Running checkup
Connecting to the registry
npm info doctor Pinging registry
npm silly logfile start cleaning logs, removing 1 files
npm silly logfile done cleaning log files
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 1 failed with ECONNREFUSED
npm http fetch GET 200 http://localhost:4873/-/ping?write=true 48ms (cache stale)
Ok



# -- after the changes npm doctor ping correctly results in failure after retries

~/workarea/npm-cli $ lnpm doctor --registry=http://localhost:4873 -ddd
npm verbose cli /Users/milaninfy/.nvm/versions/node/v22.9.0/bin/node /Users/milaninfy/workarea/npm-cli/index.js
npm info using npm@10.8.3
npm info using node@v22.9.0
npm silly config load:file:/Users/milaninfy/workarea/npm-cli/npmrc
npm silly config load:file:/Users/milaninfy/workarea/npm-cli/.npmrc
npm silly config load:file:/Users/milaninfy/.npmrc
npm silly config load:file:/Users/milaninfy/.nvm/versions/node/v22.9.0/etc/npmrc
npm verbose title npm doctor
npm verbose argv "doctor" "--registry" "http://localhost:4873" "--loglevel" "silly"
npm verbose logfile logs-max:10 dir:/Users/milaninfy/.npm/_logs/2024-09-26T20_41_05_904Z-
npm verbose logfile /Users/milaninfy/.npm/_logs/2024-09-26T20_41_05_904Z-debug-0.log
npm info doctor Running checkup
Connecting to the registry
npm info doctor Pinging registry
npm silly logfile start cleaning logs, removing 1 files
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 1 failed with ECONNREFUSED
npm silly logfile done cleaning log files
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 2 failed with ECONNREFUSED
npm http fetch GET http://localhost:4873/-/ping?write=true attempt 3 failed with ECONNREFUSED
Not ok
request to http://localhost:4873/-/ping?write=true failed, reason: 

```

</details>
BREAKING CHANGE: `libnpmversion` now supports node `^18.17.0 || >=20.5.0`
BREAKING CHANGE: `libnpmteam` now supports node `^18.17.0 || >=20.5.0`
BREAKING CHANGE: `libnpmsearch` now supports node `^18.17.0 || >=20.5.0`
BREAKING CHANGE: `libnpmpublish` now supports node `^18.17.0 || >=20.5.0`
BREAKING CHANGE: `libnpmpack` now supports node `^18.17.0 || >=20.5.0`
BREAKING CHANGE: `libnpmorg` now supports node `^18.17.0 || >=20.5.0`
BREAKING CHANGE: `libnpmhook` now supports node `^18.17.0 || >=20.5.0`
wraithgar and others added 30 commits December 2, 2024 08:20
Adds bun lockfile, and points to the package.json docs as the
authoritative list for ignore rules in the cli docs.
The v10 branch is where new changelog entries for npm@10 get added

ref: https://github.com/npm/cli/tree/release/v10
cafile is the correct config key

Closes: npm/documentation#1337
BREAKING CHANGE: `npm init` now has a `type` prompt, and sorts the entries the created packages differently
Fixed code to deal w/ new esm export
BREAKING CHANGE: Upon publishing, in order to apply a default "latest"
dist tag, the command now retrieves all prior versions of the package.
It will require that the version you're trying to publish is above the
latest semver version in the registry, not including pre-release tags.

Implements [npm
RFC7](https://github.com/npm/rfcs/blob/main/accepted/0007-publish-without-tag.md).

Related to prerelease dist-tag: #7910
A part of npm 11 roadmap: npm/statusboard#898

---------

Co-authored-by: Jordan Harband <ljharb@gmail.com>
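
The rule in the commit message above (a default "latest" tag is only applied when the new version is above the highest published non-prerelease version) can be sketched as follows. This is an added example, not npm's implementation; the function names and the sample version list are assumptions made for illustration.

```javascript
// Added illustration, not code from npm/cli. Names below are hypothetical.
const SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/

// Constructed sample of versions already in a registry.
const samplePublished = ['1.4.5', '2.0.0', '3.0.0-alpha.1']

function parse (version) {
  const m = SEMVER.exec(version)
  if (!m) return null
  return { raw: version, core: m.slice(1, 4).map(Number), prerelease: m[4] || null }
}

// Compare MAJOR.MINOR.PATCH only; returns -1, 0 or 1.
function compareCore (a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1
  }
  return 0
}

// Highest published version, ignoring pre-releases and unparsable entries.
function highestRelease (published) {
  let best = null
  for (const raw of published) {
    const v = parse(raw)
    if (!v || v.prerelease) continue
    if (!best || compareCore(v, best) > 0) best = v
  }
  return best
}

// ok is true when the candidate may receive the default "latest" tag.
// The baseline is a plain release, so a candidate with an equal core is
// either the same version or a pre-release of it: in both cases not above.
function canDefaultToLatest (candidate, published) {
  const c = parse(candidate)
  if (!c) throw new TypeError(`not a semver version: ${candidate}`)
  const top = highestRelease(published)
  if (!top) return { ok: true, latest: null }
  return { ok: compareCore(c, top) > 0, latest: top.raw }
}
```

With the sample list, a back-ported `1.4.6` is refused the default tag because `2.0.0` is already published, while `3.0.0-alpha.1` does not raise the bar for `2.0.1`.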
When searching for multiple terms in npm, the highlighting code has a
bug where it duplicates the output any time there are matching terms.
This fixes the highlighting code.


Before:
![output of "npm search gar promisify" showing the name being
duplicated](https://github.com/user-attachments/assets/2f34ece7-7563-4db1-a540-3bb661a4c3e0)



After:
![output of "node . search gar promisify" showing the name being
displayed
correctly](https://github.com/user-attachments/assets/ba31fcd9-caf3-4a08-8bbb-7f5242f0098b)
Certain project dependency trees may result in an SBOM with duplicate
entries. This fix ensures that each unique dependency (identified by the
combination of package name and version) only appears in the SBOM once.
Applies to both SPDX and CycloneDX SBOM formats.

Specific to the CycloneDX format, this change also removes the
`cdx:npm:package:path` property from the `component` entries in the
generated SBOM. Since the same package may be present at multiple paths
within the project and we're now de-duplicating those packages, it no
longer makes sense to include this in the SBOM. This does not impact the
SPDX format as there is no equivalent property.

Fixes: #6967

Signed-off-by: Brian DeHamer <bdehamer@github.com>
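
The de-duplication described in the commit message above, keyed on package name plus version and dropping `cdx:npm:package:path`, is sketched below for a CycloneDX-style component list. This is an added example, not the code from npm/cli; the helper names, the sample components and the `example:constructed` property are assumptions.

```javascript
// Added illustration, not code from npm/cli. Helper names are hypothetical.
const PATH_PROP = 'cdx:npm:package:path'

// Constructed sample: debug@4.3.4 is installed at two paths; debug@2.6.9 is
// a different version and must survive de-duplication.
const sampleComponents = [
  component('debug', '4.3.4', 'node_modules/debug'),
  component('ms', '2.1.2', 'node_modules/ms'),
  component('debug', '4.3.4', 'node_modules/express/node_modules/debug'),
  component('debug', '2.6.9', 'node_modules/send/node_modules/debug'),
]

function component (name, version, path) {
  return {
    type: 'library',
    name,
    version,
    'bom-ref': `${name}@${version}`,
    purl: `pkg:npm/${name}@${version}`,
    properties: [
      { name: PATH_PROP, value: path },
      { name: 'example:constructed', value: 'true' }, // hypothetical property
    ],
  }
}

const keyOf = (c) => `${c.name}@${c.version}`

// List every name@version that occurs more than once, with its paths, so a
// reviewer can see which entries the de-duplication will merge.
function findDuplicates (components) {
  const paths = new Map()
  for (const c of components) {
    const p = (c.properties || []).find((x) => x.name === PATH_PROP)
    const list = paths.get(keyOf(c)) || []
    list.push(p ? p.value : null)
    paths.set(keyOf(c), list)
  }
  return [...paths]
    .filter(([, list]) => list.length > 1)
    .map(([key, list]) => ({ key, paths: list }))
}

// Keep the first entry per key and drop the path property, which no longer
// identifies a single location once entries are merged. Input is not mutated.
function dedupeComponents (components) {
  const unique = new Map()
  for (const c of components) {
    if (unique.has(keyOf(c))) continue
    const properties = (c.properties || []).filter((p) => p.name !== PATH_PROP)
    unique.set(keyOf(c), { ...c, properties })
  }
  return [...unique.values()]
}
```

Running `findDuplicates` over an existing SBOM before and after regeneration is a quick way to confirm that each name and version pair now appears once.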