Release/v7.0.0 beta.12

.github/workflows/ci.yml

@@ -37,16 +37,18 @@ jobs:
     - name: Install dependencies
       run: node . install
 
-      # Run the tests
+      # Run the tests, but not if we're just gonna do coveralls later anyway
     - name: Run Tap tests
-      run: node . test -- -t600 -Rclassic -c
+      if: matrix.platform.os != 'ubuntu-latest' || matrix.node-version != '12.x'
+      run: node . test -- -t600 -Rbase -c
       env:
         DEPLOY_VERSION: testing
 
       # Run coverage check
     - name: Run coverage report
-      if: matrix.os == 'ubuntu-latest' && matrix.node-version == '12.x'
-      run: node . test -- -t600 -Rclassic -c
+      if: matrix.platform.os == 'ubuntu-latest' && matrix.node-version == '12.x'
+      # turn off --check-coverage until 100%, so CI failure is relevant
+      run: node . run check-coverage -- -t600 --no-check-coverage -Rbase -c
       env:
         DEPLOY_VERSION: testing
         COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_OPTIONAL_TOKEN }}
@@ -55,5 +57,7 @@ jobs:
     #   if: matrix.os == 'ubuntu-latest'
     #   run: sudo PATH=$PATH $(which node) . test -- --coverage  --timeout 600
 
+    # no need to check licenses everywhere, they don't change between versions
     - name: Validate licenses
+      if: matrix.os == 'ubuntu-latest' && matrix.node-version == '12.x'
       run: node . run licenses

AUTHORS

@@ -702,3 +702,5 @@ Masafumi Koba <ybiquitous@gmail.com>
 jamesgeorge007 <jamesgeorge998001@gmail.com>
 Mickael Jeanroy <mickael.jeanroy@gmail.com>
 Myles Borins <mylesborins@github.com>
+Nathan LaFreniere <quitlahok@gmail.com>
+Lucio Martinez <lucio.martinez@sixt.com>

CHANGELOG.md

@@ -1,3 +1,36 @@
+## v7.0.0-beta.12 (2020-09-22)
+
+* [`24f3a5448`](https://github.com/npm/cli/commit/24f3a5448f021ad603046dfb9fd97ed66bd63bba)
+  [#1811](https://github.com/npm/cli/issues/1811)
+  npm ci should never save package.json or lockfile
+  ([@isaacs](https://github.com/isaacs))
+* [`5e780a5f0`](https://github.com/npm/cli/commit/5e780a5f067476c1d207173fc9249faf9eaac0c2)
+  remove unused spec parameter, assign error code
+  ([@nlf](https://github.com/nlf))
+* [`f019a248a`](https://github.com/npm/cli/commit/f019a248a67e8c46dbe41bf31f4818c5ca2138bf)
+  Remove unused npx binary
+  ([@isaacs](https://github.com/isaacs))
+* [`db157b3ce`](https://github.com/npm/cli/commit/db157b3ceb46327ca2089604d5f4fc9de391584e)
+  `@npmcli/arborist@0.0.27`
+    * Resolve race condition with conflicting bin links in local installs
+    * [#1812](https://github.com/npm/cli/issues/1812) Log engine mismatches more usefully
+    * [#1814](https://github.com/npm/cli/issues/1814) Do not loop trying to resolve dependencies that fail to load
+    * [npm/rfcs#224](https://github.com/npm/rfcs/pull/224) Do not automatically install optional peer dependencies
+    * Add the `strictPeerDeps` option, defaulting to `false`
+    * fix forwarding configs to resolve pkg spec when adding new deps
+* [`b3a50d275`](https://github.com/npm/cli/commit/b3a50d27501e47c61b52c3cc4de99ff4e4641efe)
+  [#1846](https://github.com/npm/cli/pull/1846)
+  `@npmcli/run-script@1.6.0`
+    * This updates node-gyp to v7, allowing us to deduplicate a lot of significant dependencies.
+* [`a1d375f6b`](https://github.com/npm/cli/commit/a1d375f6b0ee358be41110a49acc1c9fdb775fbe)
+  [#1819](https://github.com/npm/cli/pull/1819)
+  Add `--strict-peer-deps` option
+  ([@isaacs](https://github.com/isaacs))
+* [`5837a4843`](https://github.com/npm/cli/commit/5837a4843ab1f19fb62f60151f522ca0fa5449ae)
+  [#1699](https://github.com/npm/cli/pull/1699)
+  Use allow/deny list in docs
+  ([@luciomartinez](https://github.com/luciomartinez))
+
 ## v7.0.0-beta.11 (2020-09-16)
 
 * [`63005f4a9`](https://github.com/npm/cli/commit/63005f4a98d55786fda46f3bbb3feab044d078df)

docs/content/configuring-npm/package-json.md

@@ -825,16 +825,16 @@ module will run on:
 "os" : [ "darwin", "linux" ]
 ```
 
-You can also blacklist instead of whitelist operating systems,
-just prepend the blacklisted os with a '!':
+You can also block instead of allowing operating systems,
+just prepend the blocked os with a '!':
 
 ```json
 "os" : [ "!win32" ]
 ```
 
 The host operating system is determined by `process.platform`
 
-It is allowed to both blacklist, and whitelist, although there isn't any
+It is allowed to both block and allow an item, although there isn't any
 good reason to do this.
 
 ### cpu
@@ -846,7 +846,7 @@ you can specify which ones.
 "cpu" : [ "x64", "ia32" ]
 ```
 
-Like the `os` option, you can also blacklist architectures:
+Like the `os` option, you can also block architectures:
 
 ```json
 "cpu" : [ "!arm", "!mips" ]

docs/content/using-npm/config.md

@@ -1161,6 +1161,24 @@ should be polled while the user is completing authentication.
 
 If `--auth-type=sso`, the type of SSO type to use.
 
+#### strict-peer-deps
+
+* Default: false
+* Type: Boolean
+
+If set to `true`, and `--legacy-peer-deps` is not set, then _any_
+conflicting `peerDependencies` will be treated as an install failure, even
+if npm could reasonably guess the appropriate resolution based on non-peer
+dependency relationships.
+
+By default, conflicting `peerDependencies` in the dependency graph will be
+resolved using the nearest non-peer dependency specification, even if doing
+so will result in some packages receiving a peer dependency outside the
+range set in their package's `peerDependencies` object.  When such and
+override is performed, a warning is printed, explaining the conflict and
+the packages involved.  If `--strict-peer-deps` is set, then the warning is
+treated as a failure.
+
 #### strict-ssl
 
 * Default: true

docs/content/using-npm/developers.md

@@ -152,8 +152,8 @@ The following paths and files are never ignored, so adding them to
 If, given the structure of your project, you find `.npmignore` to be a
 maintenance headache, you might instead try populating the `files`
 property of `package.json`, which is an array of file or directory names
-that should be included in your package. Sometimes a whitelist is easier
-to manage than a blacklist.
+that should be included in your package. Sometimes manually picking
+which items to allow is easier to manage than building a block list.
 
 #### Testing whether your `.npmignore` or `files` config works
 

lib/utils/config.js

@@ -111,6 +111,7 @@ const defaults = {
   key: null,
   'legacy-bundling': false,
   'legacy-peer-deps': false,
+  'strict-peer-deps': false,
   link: false,
   'local-address': undefined,
   loglevel: 'notice',
@@ -229,7 +230,6 @@ const types = {
   group: [Number, String],
   'https-proxy': [null, url],
   'user-agent': String,
-  'ham-it-up': Boolean,
   heading: String,
   'if-present': Boolean,
   include: [Array, 'prod', 'dev', 'optional', 'peer'],
@@ -246,6 +246,7 @@ const types = {
   key: [null, String],
   'legacy-bundling': Boolean,
   'legacy-peer-deps': Boolean,
+  'strict-peer-deps': Boolean,
   link: Boolean,
   'local-address': getLocalAddresses(),
   loglevel: [

lib/utils/flat-options.js

@@ -170,6 +170,7 @@ const flatOptions = npm => npm.flatOptions || Object.freeze({
   shell: npm.config.get('shell'),
   omit: buildOmitList(npm),
   legacyPeerDeps: npm.config.get('legacy-peer-deps'),
+  strictPeerDeps: npm.config.get('strict-peer-deps'),
 
   // npx stuff
   call: npm.config.get('call'),