Skip to content

Commit

Permalink
deps: update npm to 5.5.1
Browse files Browse the repository at this point in the history 
Closes: #16280

PR-URL: #16509
Fixes: #14161
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
  • Loading branch information
@MylesBorins
MylesBorins committed Oct 30, 2017
1 parent 4359a93 commit 0d7e4d2
Show file tree
Hide file tree
Showing 1,388 changed files with 92,493 additions and 19,935 deletions.
115 changes: 115 additions & 0 deletions deps/npm/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,118 @@
## v5.5.1 (2017-10-04):

A very quick, record time, patch release, of a bug fix to a (sigh) last minute bug fix.

* [`e628e058b`](https://github.com/npm/npm/commit/e628e058b)
Fix login to properly recognize OTP request and store bearer tokens.
([@Rebecca Turner](https://github.com/Rebecca Turner))

## v5.5.0 (2017-10-04):

Hey y'all, this is a big new feature release! We've got some security
related goodies plus a some quality-of-life improvements for anyone who uses
the public registry (so, virtually everyone).

The changes largely came together in one piece, so I'm just gonna leave the commit line here:

* [`f6ebf5e8b`](https://github.com/npm/npm/commit/f6ebf5e8bd6a212c7661e248c62c423f2b54d978)
[`f97ad6a38`](https://github.com/npm/npm/commit/f97ad6a38412581d059108ea29be470acb4fa510)
[`f644018e6`](https://github.com/npm/npm/commit/f644018e6ef1ff7523c6ec60ae55a24e87a9d9ae)
[`8af91528c`](https://github.com/npm/npm/commit/8af91528ce6277cd3a8c7ca8c8102671baf10d2f)
[`346a34260`](https://github.com/npm/npm/commit/346a34260b5fba7de62717135f3e083cc4820853)
Two factor authentication, profile editing and token management.
([@iarna](https://github.com/iarna))

### TWO FACTOR AUTHENTICATION

You can now enable two-factor authentication for your npm account. You can
even do it from the CLI. In fact, you have to, for the time being:

```
npm profile enable-tfa
```

With the default two-factor authentication mode you'll be prompted to enter
a one-time password when logging in, when publishing and when modifying access rights to
your modules.

### TOKEN MANAGEMENT

You can now create, list and delete authentication tokens from the comfort
of the command line. Authentication tokens created this way can have NEW
restrictions placed on them. For instance, you can create a `read-only`
token to give to your CI. It will be able to download your private modules
but it won't be able to publish or modify modules. You can also create
tokens that can only be used from certain network addresses. This way you
can lock down access to your corporate VPN or other trusted machines.

Deleting tokens isn't new, you could [do it via the
website](https://www.npmjs.com/settings/tokens) but now you can do it via
the CLI as well.

### CHANGE YOUR PASSWORD, SET YOUR EMAIL

You can finally change your password from the CLI with `npm profile set
password`! You can also update your email address with `npm profile set
email <address>`. If you change your email address we'll send you a new
verification email so you verify that its yours.

### AND EVERYTHING ELSE ON YOUR PROFILE

You can also update all of the other attributes of your profile that
previously you could only update via the website: `fullname`, `homepage`,
`freenode`, `twitter` and `github`.

### AVAILABLE STAND ALONE

All of these features were implemented in a stand alone library, so if you
have use for them in your own project you can find them in
[npm-profile](https://www.npmjs.com/package/npm-profile) on the registry.
There's also a little mini-cli written just for it at
[npm-profile-cli](https://www.npmjs.com/package/npm-profile-cli). You might
also be interested in the [API
documentation](https://github.com/npm/registry/tree/master/docs) for these
new features: [user profile editing](https://github.com/npm/registry/blob/master/docs/user/profile.md) and
[authentication](https://github.com/npm/registry/blob/master/docs/user/authentication.md).

### BUG FIXES

* [`5ee55dc71`](https://github.com/npm/npm/commit/5ee55dc71b8b74b8418c3d5ec17483a07b3b6777)
install.sh: Drop support for upgrading from npm@1 as npm@5 can't run on
any Node.js version that ships npm@1. This fixes an issue some folks were seeing when trying
to upgrade using `curl | http://npmjs.com/install.sh`.
([@iarna](https://github.com/iarna))
* [`5cad1699a`](https://github.com/npm/npm/commit/5cad1699a7a0fc85ac7f77a95087a9647f75e344)
`npm-lifecycle@1.0.3` Fix a bug where when more than one lifecycle script
got queued to run, npm would crash.
([@zkat](https://github.com/zkat))
* [`cd256cbb2`](https://github.com/npm/npm/commit/cd256cbb2f97fcbcb82237e94b66eac80e493626)
`npm-packlist@1.1.9` Fix a bug where test directories would always be
excluded from published modules.
([@isaacs](https://github.com/isaacs))
* [`2a11f0215`](https://github.com/npm/npm/commit/2a11f021561acb1eb1ad4ad45ad955793b1eb4af)
Fix formatting of unsupported version warning
([@iarna](https://github.com/iarna))

### DEPENDENCY UPDATES

* [`6d2a285a5`](https://github.com/npm/npm/commit/6d2a285a58655f10834f64d38449eb1f3c8b6c47)
`npm-registry-client@8.5.0`
* [`69e64e27b`](https://github.com/npm/npm/commit/69e64e27bf58efd0b76b3cf6e8182c77f8cc452f)
`request@2.83.0`
* [`34e0f4209`](https://github.com/npm/npm/commit/34e0f42090f6153eb5462f742e402813e4da56c8)
`abbrev@1.1.1`
* [`10d31739d`](https://github.com/npm/npm/commit/10d31739d39765f1f0249f688bd934ffad92f872)
`aproba@1.2.0`
* [`2b02e86c0`](https://github.com/npm/npm/commit/2b02e86c06cf2a5fe7146404f5bfd27f190ee4f4)
`meant@1.0.1`
* [`b81fff808`](https://github.com/npm/npm/commit/b81fff808ee269361d3dcf38c1b6019f1708ae02)
`rimraf@2.6.2`:
Fixes a long standing bug in rimraf's attempts to work around Windows limitations
where it owns a file and can change its perms but can't remove it without
first changing its perms. This _may_ be an improvement for Windows users of npm under
some circumstances.
([@isaacs](https://github.com/isaacs))

## v5.4.2 (2017-09-14):

This is a small bug fix release wrapping up most of the issues introduced with 5.4.0.
Expand Down
3 changes: 3 additions & 0 deletions deps/npm/doc/cli/npm-access.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,9 @@ You must have privileges to set the access of a package:
* You have been given read-write privileges for a package, either as a member
of a team or directly as an owner.

If you have two-factor authentication enabled then you'll have to pass in an
otp with `--otp` when making access changes.

If your account is not paid, then attempts to publish scoped packages will fail
with an HTTP 402 status code (logically enough), unless you use
`--access=public`.
Expand Down
4 changes: 3 additions & 1 deletion deps/npm/doc/cli/npm-dist-tag.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,9 @@ Add, remove, and enumerate distribution tags on a package:

* add:
Tags the specified version of the package with the specified tag, or the
`--tag` config if not specified.
`--tag` config if not specified. The tag you're adding is `latest` and you
have two-factor authentication on auth-and-writes then you'll need to include
an otp on the command line with `--otp`.

* rm:
Clear a tag that is no longer in use from the package.
Expand Down
4 changes: 4 additions & 0 deletions deps/npm/doc/cli/npm-owner.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,10 @@ Note that there is only one level of access. Either you can modify a package,
or you can't. Future versions may contain more fine-grained access levels, but
that is not implemented at this time.

If you have two-factor authentication enabled with `auth-and-writes` then
you'll need to include an otp on the command line when changing ownership
with `--otp`.

## SEE ALSO

* npm-publish(1)
Expand Down
74 changes: 74 additions & 0 deletions deps/npm/doc/cli/npm-profile.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
npm-profile(1) -- Change settings on your registry profile
==========================================================

## SYNOPSIS

npm profile get [--json|--parseable] [<property>]
npm profile set [--json|--parseable] <property> <value>
npm profile set password
npm profile enable-2fa [auth-and-writes|auth-only]
npm profile disable-2fa

## DESCRIPTION

Change your profile information on the registry. This not be available if
you're using a non-npmjs registry.

* `npm profile get [<property>]`:
Display all of the properties of your profile, or one or more specific
properties. It looks like:

```
+-----------------+---------------------------+
| name | example |
+-----------------+---------------------------+
| email | me@example.com (verified) |
+-----------------+---------------------------+
| two factor auth | auth-and-writes |
+-----------------+---------------------------+
| fullname | Example User |
+-----------------+---------------------------+
| homepage | |
+-----------------+---------------------------+
| freenode | |
+-----------------+---------------------------+
| twitter | |
+-----------------+---------------------------+
| github | |
+-----------------+---------------------------+
| created | 2015-02-26T01:38:35.892Z |
+-----------------+---------------------------+
| updated | 2017-10-02T21:29:45.922Z |
+-----------------+---------------------------+
```

* `npm profile set <property> <value>`:
Set the value of a profile property. You can set the following properties this way:
email, fullname, homepage, freenode, twitter, github

* `npm profile set password`:
Change your password. This is interactive, you'll be prompted for your
current password and a new password. You'll also be prompted for an OTP
if you have two-factor authentication enabled.

* `npm profile enable-2fa [auth-and-writes|auth-only]`:
Enables two-factor authentication. Defaults to `auth-and-writes` mode. Modes are:
* `auth-only`: Require an OTP when logging in or making changes to your
account's authentication. The OTP will be required on both the website
and the command line.
* `auth-and-writes`: Requires an OTP at all the times `auth-only` does, and also requires one when
publishing a module, setting the `latest` dist-tag, or changing access
via `npm access` and `npm owner`.

* `npm profile disable-2fa`:
Disables two-factor authentication.

## DETAILS

All of the `npm profile` subcommands accept `--json` and `--parseable` and
will tailor their output based on those. Some of these commands may not be
available on non npmjs.com registries.

## SEE ALSO

* npm-config(7)
8 changes: 7 additions & 1 deletion deps/npm/doc/cli/npm-publish.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ npm-publish(1) -- Publish a package

## SYNOPSIS

npm publish [<tarball>|<folder>] [--tag <tag>] [--access <public|restricted>]
npm publish [<tarball>|<folder>] [--tag <tag>] [--access <public|restricted>] [--otp otpcode]

Publishes '.' if no argument supplied
Sets tag 'latest' if no --tag specified
Expand Down Expand Up @@ -41,6 +41,11 @@ specifying a different default registry or using a `npm-scope(7)` in the name
If you don't have a paid account, you must publish with `--access public`
to publish scoped packages.

* `[--otp <otpcode>]`
If you have two-factor authentication enabled in `auth-and-writes` mode
then you can provide a code from your authenticator with this. If you
don't include this and you're running from a TTY then you'll be prompted.

Fails if the package name and version combination already exists in
the specified registry.

Expand All @@ -65,3 +70,4 @@ packs them into a tarball to be uploaded to the registry.
* npm-deprecate(1)
* npm-dist-tag(1)
* npm-pack(1)
* npm-profile(1)
59 changes: 59 additions & 0 deletions deps/npm/doc/cli/npm-token.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
npm-token(1) -- Manage your authentication tokens
=================================================

## SYNOPSIS

npm token list [--json|--parseable]
npm token create [--read-only] [--cidr=1.1.1.1/24,2.2.2.2/16]
npm token delete <id|token>

## DESCRIPTION

This list you list, create and delete authentication tokens.

* `npm token list`:
Shows a table of all active authentication tokens. You can request this as
JSON with `--json` or tab-separated values with `--parseable`.
```
+--------+---------+------------+----------+----------------+
| id | token | created | read-only | CIDR whitelist |
+--------+---------+------------+----------+----------------+
| 7f3134 | 1fa9ba… | 2017-10-02 | yes | |
+--------+---------+------------+----------+----------------+
| c03241 | af7aef… | 2017-10-02 | no | 192.168.0.1/24 |
+--------+---------+------------+----------+----------------+
| e0cf92 | 3a436a… | 2017-10-02 | no | |
+--------+---------+------------+----------+----------------+
| 63eb9d | 74ef35… | 2017-09-28 | no | |
+--------+---------+------------+----------+----------------+
| 2daaa8 | cbad5f… | 2017-09-26 | no | |
+--------+---------+------------+----------+----------------+
| 68c2fe | 127e51… | 2017-09-23 | no | |
+--------+---------+------------+----------+----------------+
| 6334e1 | 1dadd1… | 2017-09-23 | no | |
+--------+---------+------------+----------+----------------+
```

* `npm token create [--read-only] [--cidr=<cidr-ranges>]`:
Create a new authentication token. It can be `--read-only` or accept a list of
[CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) ranges to
limit use of this token to. This will prompt you for your password, and, if you have
two-factor authentication enabled, an otp.

```
+----------------+--------------------------------------+
| token | a73c9572-f1b9-8983-983d-ba3ac3cc913d |
+----------------+--------------------------------------+
| cidr_whitelist | |
+----------------+--------------------------------------+
| readonly | false |
+----------------+--------------------------------------+
| created | 2017-10-02T07:52:24.838Z |
+----------------+--------------------------------------+
```

* `npm token delete <token|id>`:
This removes an authentication token, making it immediately unusable. This can accept
both complete tokens (as you get back from `npm token create` and will
find in your `.npmrc`) and ids as seen in the `npm token list` output.
This will NOT accept the truncated token found in `npm token list` output.
22 changes: 22 additions & 0 deletions deps/npm/doc/misc/npm-config.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -269,6 +269,13 @@ PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines repla

It is _not_ the path to a certificate file (and there is no "certfile" option).

### cidr

* Default: `null`
* Type: String, Array, null

This is a list of CIDR address to be used when configuring limited access tokens with the `npm token create` command.

### color

* Default: true
Expand Down Expand Up @@ -699,6 +706,14 @@ Attempt to install packages in the `optionalDependencies` object. Note
that if these packages fail to install, the overall installation
process is not aborted.

### otp

* Default: null
* Type: Number

This is a one-time password from a two-factor authenticator. It's needed
when publishing or changing package permissions with `npm access`.

### package-lock

* Default: true
Expand Down Expand Up @@ -773,6 +788,13 @@ A proxy to use for outgoing http requests. If the `HTTP_PROXY` or
`http_proxy` environment variables are set, proxy settings will be
honored by the underlying `request` library.

### read-only

* Default: false
* Type: Boolean

This is used to mark a token as unable to publish when configuring limited access tokens with the `npm token create` command.

### rebuild-bundle

* Default: true
Expand Down
8 changes: 8 additions & 0 deletions deps/npm/doc/misc/npm-index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,10 @@ Ping npm registry

Display prefix

### npm-profile(1)

Change settings on your registry profile

### npm-prune(1)

Remove extraneous packages
Expand Down Expand Up @@ -189,6 +193,10 @@ Manage organization teams and team memberships

Test a package

### npm-token(1)

Manage your authentication tokens

### npm-uninstall(1)

Remove a package
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/html/doc/README.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,5 +127,5 @@ <h2 id="see-also">SEE ALSO</h2>
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
<tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
</table>
<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@5.4.2</p>
<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@5.5.1</p>

4 changes: 3 additions & 1 deletion deps/npm/html/doc/cli/npm-access.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,8 @@ <h2 id="details">DETAILS</h2>
<li>You have been given read-write privileges for a package, either as a member
of a team or directly as an owner.</li>
</ul>
<p>If you have two-factor authentication enabled then you&#39;ll have to pass in an
otp with <code>--otp</code> when making access changes.</p>
<p>If your account is not paid, then attempts to publish scoped packages will fail
with an HTTP 402 status code (logically enough), unless you use
<code>--access=public</code>.</p>
Expand All @@ -84,5 +86,5 @@ <h2 id="see-also">SEE ALSO</h2>
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
<tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
</table>
<p id="footer">npm-access &mdash; npm@5.4.2</p>
<p id="footer">npm-access &mdash; npm@5.5.1</p>

Loading

0 comments on commit 0d7e4d2

Please sign in to comment.