diff --git a/deps/npm/.licensee.json b/deps/npm/.licensee.json index 820425a9ce8..ad7c8123673 100644 --- a/deps/npm/.licensee.json +++ b/deps/npm/.licensee.json @@ -1,5 +1,6 @@ { "license": "(MIT OR BSD-2-Clause OR BSD-3-Clause OR Apache-2.0 OR ISC OR Unlicense OR CC-BY-3.0 OR CC0-1.0 OR Artistic-2.0)", + "corrections": true, "whitelist": { "config-chain": "1.1.12", "cyclist": "0.2.2", diff --git a/deps/npm/.npmignore b/deps/npm/.npmignore index 1b32b033e23..12efef27852 100644 --- a/deps/npm/.npmignore +++ b/deps/npm/.npmignore @@ -4,7 +4,7 @@ npm-debug.log /.github /test node_modules/marked -node_modules/ronn +node_modules/marked-man node_modules/tap node_modules/.bin node_modules/npm-registry-mock diff --git a/deps/npm/AUTHORS b/deps/npm/AUTHORS index a011b51d6a0..b9aee778afd 100644 --- a/deps/npm/AUTHORS +++ b/deps/npm/AUTHORS @@ -619,3 +619,14 @@ Beni von Cheni Frédéric Harper Johannes Würbach ƇʘƁ̆ąƇ́ +Eli Doran +Tobias Koppers +Grey Baker +JT Turner +Audrey Eschright +Alexander Gudulin +Philipp Hagemeister +Amadou Sall +Chris Manson +vlasy +Emilis Dambauskas (Tokenmill) diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md index 794ae106044..51141fc6545 100644 --- a/deps/npm/CHANGELOG.md +++ b/deps/npm/CHANGELOG.md @@ -1,3 +1,174 @@ +## v6.9.0 (2018-02-20): + +### FEATURES + +* [`2ba3a0f67`](https://github.com/npm/cli/commit/2ba3a0f6721f6d5a16775aebce6012965634fc7c) + [#90](https://github.com/npm/cli/pull/90) + Time traveling installs using the `--before` flag. + ([@zkat](https://github.com/zkat)) +* [`b7b54f2d1`](https://github.com/npm/cli/commit/b7b54f2d18e2d8d65ec67c850b21ae9f01c60e7e) + [#3](https://github.com/npm/cli/pull/3) + Add support for package aliases. This allows packages to be installed under a + different directory than the package name listed in `package.json`, and adds a + new dependency type to allow this to be done for registry dependencies. + ([@zkat](https://github.com/zkat)) +* [`684bccf06`](https://github.com/npm/cli/commit/684bccf061dfc97bb759121bc0ad635e01c65868) + [#146](https://github.com/npm/cli/pull/146) + Always save `package-lock.json` when using `--package-lock-only`. + ([@aeschright](https://github.com/aeschright)) +* [`b8b8afd40`](https://github.com/npm/cli/commit/b8b8afd4048b4ba1181e00ba2ac49ced43936ce0) + [#139](https://github.com/npm/cli/pull/139) + Make empty-string run-scripts run successfully as a no-op. + ([@vlasy](https://github.com/vlasy)) +* [`8047b19b1`](https://github.com/npm/cli/commit/8047b19b1b994fd4b4e7b5c91d7cc4e0384bd5e4) + [npm.community#3784](https://npm.community/t/3784) + Match git semver ranges when flattening the tree. + ([@larsgw](https://github.com/larsgw)) +* [`e135c2bb3`](https://github.com/npm/cli/commit/e135c2bb360dcf00ecee34a95985afec21ba3655) + [npm.community#1725](https://npm.community/t/1725?u=larsgw) + Re-enable updating local packages. + ([@larsgw](https://github.com/larsgw)) + +### BUGFIXES + +* [`cf09fbaed`](https://github.com/npm/cli/commit/cf09fbaed489d908e9b551382cc5f61bdabe99a9) + [#153](https://github.com/npm/cli/pull/153) + Set modified to undefined in `npm view` when `time` is not available. This + fixes a bug where `npm view` would crash on certain third-party registries. + ([@simonua](https://github.com/simonua)) +* [`774fc26ee`](https://github.com/npm/cli/commit/774fc26eeb01345c11bd8c97e2c4f328d419d9b5) + [#154](https://github.com/npm/cli/pull/154) + Print out tar version in `install.sh` only when the flag is supported not all + the tar implementations support --version flag. This allows the install script + to work in OpenBSD, for example. + ([@agudulin](https://github.com/agudulin)) +* [`863baff11`](https://github.com/npm/cli/commit/863baff11d8c870f1a0d9619bb5133c67d71e407) + [#158](https://github.com/npm/cli/pull/158) + Fix typo in error message for `npm stars`. + ([@phihag](https://github.com/phihag)) +* [`a805a95ad`](https://github.com/npm/cli/commit/a805a95ad8832ef5008671f4bd4c11b83e32e0f2) + [npm.community#4227](https://npm.community/t/4227) + Strip version info from pkg on E404. This improves the error messaging format. + ([@larsgw](https://github.com/larsgw)) + +### DOCS + +* [`5d7633833`](https://github.com/npm/cli/commit/5d76338338621fd0b3d4f7914a51726d27569ee1) + [#160](https://github.com/npm/cli/pull/160) + Add `npm add` as alias to npm install in docs. + ([@ahasall](https://github.com/ahasall)) +* [`489c2211c`](https://github.com/npm/cli/commit/489c2211c96a01d65df50fd57346c785bcc3efe6) + [#162](https://github.com/npm/cli/pull/162) + Fix link to RFC #10 in the changelog. + ([@mansona](https://github.com/mansona)) +* [`433020ead`](https://github.com/npm/cli/commit/433020ead5251b562bc3b0f5f55341a5b8cc9023) + [#135](https://github.com/npm/cli/pull/135) + Describe exit codes in npm-audit docs. + ([@emilis-tm](https://github.com/emilis-tm)) + +### DEPENDENCIES + +* [`ee6b6746b`](https://github.com/npm/cli/commit/ee6b6746b04f145dfe489af2d26667ac32ba0cef) + [zkat/make-fetch-happen#29](https://github.com/zkat/make-fetch-happen/issues/29) + `agent-base@4.2.1` + ([@TooTallNate](https://github.com/TooTallNate)) +* [`2ce23baf5`](https://github.com/npm/cli/commit/2ce23baf53b1ce7d11b8efb80c598ddaf9cef9e7) + `lock-verify@2.1.0`: + Adds support for package aliases + ([@zkat](https://github.com/zkat)) +* [`baaedbc6e`](https://github.com/npm/cli/commit/baaedbc6e2fc370d73b35e7721794719115507cc) + `pacote@9.5.0`: + Adds opts.before support + ([@zkat](https://github.com/zkat)) +* [`57e771a03`](https://github.com/npm/cli/commit/57e771a032165d1e31e71d0ff7530442139c21a6) + [#164](https://github.com/npm/cli/pull/164) + `licensee@6.1.0` + ([@kemitchell](https://github.com/kemitchell)) +* [`2b78288d4`](https://github.com/npm/cli/commit/2b78288d4accd10c1b7cc6c36bc28045f5634d91) + add core to default inclusion tests in pack + ([@Kat Marchán](https://github.com/Kat Marchán)) +* [`9b8b6513f`](https://github.com/npm/cli/commit/9b8b6513fbce92764b32a067322984985ff683fe) + [npm.community#5382](https://npm.community/t/npm-pack-leaving-out-files-6-8-0-only/5382) + `npm-packlist@1.4.1`: Fixes bug where `core/` directories were being suddenly excluded. + ([@zkat](https://github.com/zkat)) + +## v6.8.0 (2019-02-07): + +This release includes an implementation of [RFC #10](https://github.com/npm/rfcs/blob/latest/implemented/0010-monorepo-subdirectory-declaration.md), documenting an optional field that can be used to specify +the directory path for a package within a monorepo. + +### NEW FEATURES + +* [`3663cdef2`](https://github.com/npm/cli/commit/3663cdef205fa9ba2c2830e5ef7ceeb31c30298c) + [#140](https://github.com/npm/cli/pull/140) + Update package.json docs to include repository.directory details. + ([@greysteil](https://github.com/greysteil)) + +### BUGFIXES + +* [`550bf703a`](https://github.com/npm/cli/commit/550bf703ae3e31ba6a300658ae95b6937f67b68f) + Add @types to ignore list to fix git clean -fd. + ([@zkat](https://github.com/zkat)) +* [`cdb059293`](https://github.com/npm/cli/commit/cdb0592939d6256c80f7ec5a2b6251131a512a2a) + [#144](https://github.com/npm/cli/pull/144) + Fix common.npm callback arguments. + ([@larsgw](https://github.com/larsgw)) +* [`25573e9b9`](https://github.com/npm/cli/commit/25573e9b9d5d26261c68d453f06db5b3b1cd6789) + [npm.community#4770](https://npm.community/t/https://npm.community/t/4770) + Show installed but unmet peer deps. + ([@larsgw](https://github.com/larsgw)) +* [`ce2c4bd1a`](https://github.com/npm/cli/commit/ce2c4bd1a2ce7ac1727a4ca9a350b743a2e27b2a) + [#149](https://github.com/npm/cli/pull/149) + Use figgy-config to make sure extra opts are there. + ([@zkat](https://github.com/zkat)) +* [`3c22d1a35`](https://github.com/npm/cli/commit/3c22d1a35878f73c0af8ea5968b962a85a1a9b84) + [npm.community#5101](https://npm.community/t/npm-6-6-0-breaks-access-to-ls-collaborators/5101) + Fix `ls-collaborators` access error for non-scoped case. + ([@zkat](https://github.com/zkat)) +* [`d5137091d`](https://github.com/npm/cli/commit/d5137091dd695a2980f7ade85fdc56b2421ff677) + [npm.community#754](https://npm.community/t/npm-install-for-package-with-local-dependency-fails/754) + Fix issue with sub-folder local references. + ([@iarna](https://github.com/iarna)) + ([@jhecking](https://github.com/jhecking)) + +### DEPENDENCY BUMPS + +* [`d72141080`](https://github.com/npm/cli/commit/d72141080ec8fcf35bcc5650245efbe649de053e) + `npm-registry-couchapp@2.7.1` + ([@zkat](https://github.com/zkat)) +* [`671cad1b1`](https://github.com/npm/cli/commit/671cad1b18239d540da246d6f78de45d9f784396) + `npm-registry-fetch@3.9.0`: + Make sure publishing with legacy username:password `_auth` works again. + ([@zkat](https://github.com/zkat)) +* [`95ca1aef4`](https://github.com/npm/cli/commit/95ca1aef4077c8e68d9f4dce37f6ba49b591c4ca) + `pacote@9.4.1` + ([@aeschright](https://github.com/aeschright)) +* [`322fef403`](https://github.com/npm/cli/commit/322fef40376e71cd100159dc914e7ca89faae327) + `normalize-package-data@2.5.0` + ([@aeschright](https://github.com/aeschright)) +* [`32d34c0da`](https://github.com/npm/cli/commit/32d34c0da4f393a74697297667eb9226155ecc6b) + `npm-packlist@1.3.0` + ([@aeschright](https://github.com/aeschright)) +* [`338571cf0`](https://github.com/npm/cli/commit/338571cf0bd3a1e2ea800464d57581932ff0fb11) + `read-package-tree@5.2.2` + ([@zkat](https://github.com/zkat)) + +### MISC + +* [`89b23a5f7`](https://github.com/npm/cli/commit/89b23a5f7b0ccdcdda1d7d4d3eafb6903156d186) + [#120](https://github.com/npm/cli/pull/120) + Use `const` in lib/fetch-package-metadata.md. + ([@watilde](https://github.com/watilde)) +* [`4970d553c`](https://github.com/npm/cli/commit/4970d553c0ea66128931d118469fd31c87cc7986) + [#126](https://github.com/npm/cli/pull/126) + Replace ronn with marked-man in `.npmignore`. + ([@watilde](https://github.com/watilde)) +* [`d9b6090dc`](https://github.com/npm/cli/commit/d9b6090dc26cd0fded18b4f80248cff3e51bb185) + [#138](https://github.com/npm/cli/pull/138) + Reduce work to test if executable ends with a 'g'. + ([@elidoran](https://github.com/elidoran)) + ([@larsgw](https://github.com/larsgw)) + ## v6.7.0 (2019-01-23): Hey y'all! This is a quick hotfix release that includes some important fixes to diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js index 6f76b238285..705aa472e7e 100755 --- a/deps/npm/bin/npm-cli.js +++ b/deps/npm/bin/npm-cli.js @@ -25,7 +25,6 @@ unsupported.checkForUnsupportedNode() - var path = require('path') var npm = require('../lib/npm.js') var npmconf = require('../lib/config/core.js') var errorHandler = require('../lib/utils/error-handler.js') @@ -37,7 +36,7 @@ // if npm is called as "npmg" or "npm_g", then // run in global mode. - if (path.basename(process.argv[1]).slice(-1) === 'g') { + if (process.argv[1][process.argv[1].length - 1] === 'g') { process.argv.splice(1, 1, 'npm', '-g') } diff --git a/deps/npm/doc/cli/npm-audit.md b/deps/npm/doc/cli/npm-audit.md index 4c6d717418a..f63bbd356d5 100644 --- a/deps/npm/doc/cli/npm-audit.md +++ b/deps/npm/doc/cli/npm-audit.md @@ -65,7 +65,8 @@ $ npm audit --parseable | awk -F $'\t' '{print $1,$4}' The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities. The report returned includes instructions on how to act on -this information. +this information. The command will exit with a 0 exit code if no +vulnerabilities were found. You can also have npm automatically fix the vulnerabilities by running `npm audit fix`. Note that some vulnerabilities cannot be fixed automatically and @@ -99,6 +100,13 @@ The non-reversible identifiers are a sha256 of a session-specific UUID and the value being replaced, ensuring a consistent value within the payload that is different between runs. +## EXIT CODE + +The `npm audit` command will exit with a 0 exit code if no vulnerabilities were found. + +If vulnerabilities were found the exit code will depend on the `audit-level` +configuration setting. + ## SEE ALSO * npm-install(1) diff --git a/deps/npm/doc/cli/npm-install.md b/deps/npm/doc/cli/npm-install.md index 336311dbfb2..4ff4a47cbcf 100644 --- a/deps/npm/doc/cli/npm-install.md +++ b/deps/npm/doc/cli/npm-install.md @@ -14,7 +14,7 @@ npm-install(1) -- Install a package npm install npm install - alias: npm i + aliases: npm i, npm add common options: [-P|--save-prod|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--no-save] [--dry-run] ## DESCRIPTION diff --git a/deps/npm/doc/files/package.json.md b/deps/npm/doc/files/package.json.md index dd6492af084..95e77d34c5f 100644 --- a/deps/npm/doc/files/package.json.md +++ b/deps/npm/doc/files/package.json.md @@ -393,6 +393,15 @@ shortcut syntax you use for `npm install`: "repository": "gitlab:user/repo" +If the `package.json` for your package is not in the root directory (for example +if it is part of a monorepo), you can specify the directory in which it lives: + + "repository": { + "type" : "git", + "url" : "https://github.com/facebook/react.git", + "directory": "packages/react-dom" + } + ## scripts The "scripts" property is a dictionary containing script commands that are run diff --git a/deps/npm/doc/misc/npm-config.md b/deps/npm/doc/misc/npm-config.md index 8f04a76010c..88d30b62ca2 100644 --- a/deps/npm/doc/misc/npm-config.md +++ b/deps/npm/doc/misc/npm-config.md @@ -179,6 +179,22 @@ a non-zero exit code. What authentication strategy to use with `adduser`/`login`. +### before + +* Alias: enjoy-by +* Default: null +* Type: Date + +If passed to `npm install`, will rebuild the npm tree such that only versions +that were available **on or before** the `--before` time get installed. +If there's no versions available for the current set of direct dependencies, the +command will error. + +If the requested version is a `dist-tag` and the given tag does not pass the +`--before` filter, the most recent version less than or equal to that tag will +be used. For example, `foo@latest` might install `foo@1.2` even though `latest` +is `2.0`. + ### bin-links * Default: `true` diff --git a/deps/npm/html/doc/README.html b/deps/npm/html/doc/README.html index a69fa3d7e45..c575f39bab3 100644 --- a/deps/npm/html/doc/README.html +++ b/deps/npm/html/doc/README.html @@ -118,5 +118,5 @@ doubt tell you to put the output in a gist or email.

       - + diff --git a/deps/npm/html/doc/cli/npm-access.html b/deps/npm/html/doc/cli/npm-access.html index 0904466dd0a..c0e7943d6b3 100644 --- a/deps/npm/html/doc/cli/npm-access.html +++ b/deps/npm/html/doc/cli/npm-access.html @@ -93,5 +93,5 @@ with an HTTP 402 status code (logically enough), unless you use        - + diff --git a/deps/npm/html/doc/cli/npm-adduser.html b/deps/npm/html/doc/cli/npm-adduser.html index abea1da85b3..a946f67f66c 100644 --- a/deps/npm/html/doc/cli/npm-adduser.html +++ b/deps/npm/html/doc/cli/npm-adduser.html @@ -78,5 +78,5 @@ username/password entry in legacy npm.

       - + diff --git a/deps/npm/html/doc/cli/npm-audit.html b/deps/npm/html/doc/cli/npm-audit.html index 311c2a68999..7d6704ab9c8 100644 --- a/deps/npm/html/doc/cli/npm-audit.html +++ b/deps/npm/html/doc/cli/npm-audit.html @@ -33,7 +33,8 @@ some of the columns printed:

The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities. The report returned includes instructions on how to act on -this information.

+this information. The command will exit with a 0 exit code if no +vulnerabilities were found.

You can also have npm automatically fix the vulnerabilities by running npm audit fix. Note that some vulnerabilities cannot be fixed automatically and will require manual intervention or review. Also note that since npm audit fix @@ -63,6 +64,10 @@ registry has its name scrubbed. (That is, a scope you did a npm login --s

The non-reversible identifiers are a sha256 of a session-specific UUID and the value being replaced, ensuring a consistent value within the payload that is different between runs.

+

EXIT CODE

+

The npm audit command will exit with a 0 exit code if no vulnerabilities were found.

+

If vulnerabilities were found the exit code will depend on the audit-level +configuration setting.

SEE ALSO