Skip to content

Commit

Permalink
deps: upgrade npm to 8.3.0
Browse files Browse the repository at this point in the history
PR-URL: #41127
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
  • Loading branch information
npm-robot authored and danielleadams committed Dec 13, 2021
1 parent 34c6c59 commit fae4945
Show file tree
Hide file tree
Showing 39 changed files with 1,077 additions and 109 deletions.
103 changes: 103 additions & 0 deletions deps/npm/docs/content/configuring-npm/package-json.md
Original file line number Diff line number Diff line change
Expand Up @@ -871,6 +871,109 @@ if (foo) {
Entries in `optionalDependencies` will override entries of the same name in
`dependencies`, so it's usually best to only put in one place.

### overrides

If you need to make specific changes to dependencies of your dependencies, for
example replacing the version of a dependency with a known security issue,
replacing an existing dependency with a fork, or making sure that the same
version of a package is used everywhere, then you may add an override.

Overrides provide a way to replace a package in your dependency tree with
another version, or another package entirely. These changes can be scoped as
specific or as vague as desired.

To make sure the package `foo` is always installed as version `1.0.0` no matter
what version your dependencies rely on:

```json
{
"overrides": {
"foo": "1.0.0"
}
}
```

The above is a short hand notation, the full object form can be used to allow
overriding a package itself as well as a child of the package. This will cause
`foo` to always be `1.0.0` while also making `bar` at any depth beyond `foo`
also `1.0.0`:

```json
{
"overrides": {
"foo": {
".": "1.0.0",
"bar": "1.0.0"
}
}
}
```

To only override `foo` to be `1.0.0` when it's a child (or grandchild, or great
grandchild, etc) of the package `bar`:
```json
{
"overrides": {
"bar": {
"foo": "1.0.0"
}
}
}
```
Keys can be nested to any arbitrary length. To override `foo` only when it's a
child of `bar` and only when `bar` is a child of `baz`:

```json
{
"overrides": {
"baz": {
"bar": {
"foo": "1.0.0"
}
}
}
}
```

The key of an override can also include a version, or range of versions.
To override `foo` to `1.0.0`, but only when it's a child of `bar@2.0.0`:
```json
{
"overrides": {
"bar@2.0.0": {
"foo": "1.0.0"
}
}
}
```
You may not set an override for a package that you directly depend on unless
both the dependency and the override itself share the exact same spec. To make
this limitation easier to deal with, overrides may also be defined as a
reference to a spec for a direct dependency by prefixing the name of the
package you wish the version to match with a `$`.
```json
{
"dependencies": {
"foo": "^1.0.0"
},
"overrides": {
// BAD, will throw an EOVERRIDE error
// "foo": "^2.0.0"
// GOOD, specs match so override is allowed
// "foo": "^1.0.0"
// BEST, the override is defined as a reference to the dependency
"foo": "$foo",
// the referenced package does not need to match the overridden one
"bar": "$foo"
}
}
```
### engines
You can specify the version of node that your stuff works on:
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/output/commands/npm-ls.html
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ <h3 id="description">Description</h3>
the results to only the paths to the packages named. Note that nested
packages will <em>also</em> show the paths to the specified packages. For
example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
<pre lang="bash"><code>npm@8.2.0 /path/to/npm
<pre lang="bash"><code>npm@8.3.0 /path/to/npm
└─┬ init-package-json@0.0.4
└── promzard@0.1.5
</code></pre>
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/output/commands/npm.html
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ <h2 id="table-of-contents">Table of contents</h2>
<pre lang="bash"><code>npm &lt;command&gt; [args]
</code></pre>
<h3 id="version">Version</h3>
<p>8.2.0</p>
<p>8.3.0</p>
<h3 id="description">Description</h3>
<p>npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
Expand Down
84 changes: 83 additions & 1 deletion deps/npm/docs/output/configuring-npm/package-json.html
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ <h1 id="packagejson">package.json</h1>

<section id="table_of_contents">
<h2 id="table-of-contents">Table of contents</h2>
<div id="_table_of_contents"><ul><li><a href="#description">Description</a></li><li><a href="#name">name</a></li><li><a href="#version">version</a></li><li><a href="#description2">description</a></li><li><a href="#keywords">keywords</a></li><li><a href="#homepage">homepage</a></li><li><a href="#bugs">bugs</a></li><li><a href="#license">license</a></li><li><a href="#people-fields-author-contributors">people fields: author, contributors</a></li><li><a href="#funding">funding</a></li><li><a href="#files">files</a></li><li><a href="#main">main</a></li><li><a href="#browser">browser</a></li><li><a href="#bin">bin</a></li><li><a href="#man">man</a></li><li><a href="#directories">directories</a></li><ul><li><a href="#directoriesbin">directories.bin</a></li><li><a href="#directoriesman">directories.man</a></li></ul><li><a href="#repository">repository</a></li><li><a href="#scripts">scripts</a></li><li><a href="#config">config</a></li><li><a href="#dependencies">dependencies</a></li><ul><li><a href="#urls-as-dependencies">URLs as Dependencies</a></li><li><a href="#git-urls-as-dependencies">Git URLs as Dependencies</a></li><li><a href="#github-urls">GitHub URLs</a></li><li><a href="#local-paths">Local Paths</a></li></ul><li><a href="#devdependencies">devDependencies</a></li><li><a href="#peerdependencies">peerDependencies</a></li><li><a href="#peerdependenciesmeta">peerDependenciesMeta</a></li><li><a href="#bundleddependencies">bundledDependencies</a></li><li><a href="#optionaldependencies">optionalDependencies</a></li><li><a href="#engines">engines</a></li><li><a href="#os">os</a></li><li><a href="#cpu">cpu</a></li><li><a href="#private">private</a></li><li><a href="#publishconfig">publishConfig</a></li><li><a href="#workspaces">workspaces</a></li><li><a href="#default-values">DEFAULT VALUES</a></li><li><a href="#see-also">SEE ALSO</a></li></ul></div>
<div id="_table_of_contents"><ul><li><a href="#description">Description</a></li><li><a href="#name">name</a></li><li><a href="#version">version</a></li><li><a href="#description2">description</a></li><li><a href="#keywords">keywords</a></li><li><a href="#homepage">homepage</a></li><li><a href="#bugs">bugs</a></li><li><a href="#license">license</a></li><li><a href="#people-fields-author-contributors">people fields: author, contributors</a></li><li><a href="#funding">funding</a></li><li><a href="#files">files</a></li><li><a href="#main">main</a></li><li><a href="#browser">browser</a></li><li><a href="#bin">bin</a></li><li><a href="#man">man</a></li><li><a href="#directories">directories</a></li><ul><li><a href="#directoriesbin">directories.bin</a></li><li><a href="#directoriesman">directories.man</a></li></ul><li><a href="#repository">repository</a></li><li><a href="#scripts">scripts</a></li><li><a href="#config">config</a></li><li><a href="#dependencies">dependencies</a></li><ul><li><a href="#urls-as-dependencies">URLs as Dependencies</a></li><li><a href="#git-urls-as-dependencies">Git URLs as Dependencies</a></li><li><a href="#github-urls">GitHub URLs</a></li><li><a href="#local-paths">Local Paths</a></li></ul><li><a href="#devdependencies">devDependencies</a></li><li><a href="#peerdependencies">peerDependencies</a></li><li><a href="#peerdependenciesmeta">peerDependenciesMeta</a></li><li><a href="#bundleddependencies">bundledDependencies</a></li><li><a href="#optionaldependencies">optionalDependencies</a></li><li><a href="#overrides">overrides</a></li><li><a href="#engines">engines</a></li><li><a href="#os">os</a></li><li><a href="#cpu">cpu</a></li><li><a href="#private">private</a></li><li><a href="#publishconfig">publishConfig</a></li><li><a href="#workspaces">workspaces</a></li><li><a href="#default-values">DEFAULT VALUES</a></li><li><a href="#see-also">SEE ALSO</a></li></ul></div>
</section>

<div id="_content"><h3 id="description">Description</h3>
Expand Down Expand Up @@ -800,6 +800,88 @@ <h3 id="optionaldependencies">optionalDependencies</h3>
</code></pre>
<p>Entries in <code>optionalDependencies</code> will override entries of the same name in
<code>dependencies</code>, so it's usually best to only put in one place.</p>
<h3 id="overrides">overrides</h3>
<p>If you need to make specific changes to dependencies of your dependencies, for
example replacing the version of a dependency with a known security issue,
replacing an existing dependency with a fork, or making sure that the same
version of a package is used everywhere, then you may add an override.</p>
<p>Overrides provide a way to replace a package in your dependency tree with
another version, or another package entirely. These changes can be scoped as
specific or as vague as desired.</p>
<p>To make sure the package <code>foo</code> is always installed as version <code>1.0.0</code> no matter
what version your dependencies rely on:</p>
<pre lang="json"><code>{
"overrides": {
"foo": "1.0.0"
}
}
</code></pre>
<p>The above is a short hand notation, the full object form can be used to allow
overriding a package itself as well as a child of the package. This will cause
<code>foo</code> to always be <code>1.0.0</code> while also making <code>bar</code> at any depth beyond <code>foo</code>
also <code>1.0.0</code>:</p>
<pre lang="json"><code>{
"overrides": {
"foo": {
".": "1.0.0",
"bar": "1.0.0"
}
}
}
</code></pre>
<p>To only override <code>foo</code> to be <code>1.0.0</code> when it's a child (or grandchild, or great
grandchild, etc) of the package <code>bar</code>:</p>
<pre lang="json"><code>{
"overrides": {
"bar": {
"foo": "1.0.0"
}
}
}
</code></pre>
<p>Keys can be nested to any arbitrary length. To override <code>foo</code> only when it's a
child of <code>bar</code> and only when <code>bar</code> is a child of <code>baz</code>:</p>
<pre lang="json"><code>{
"overrides": {
"baz": {
"bar": {
"foo": "1.0.0"
}
}
}
}
</code></pre>
<p>The key of an override can also include a version, or range of versions.
To override <code>foo</code> to <code>1.0.0</code>, but only when it's a child of <code>bar@2.0.0</code>:</p>
<pre lang="json"><code>{
"overrides": {
"bar@2.0.0": {
"foo": "1.0.0"
}
}
}
</code></pre>
<p>You may not set an override for a package that you directly depend on unless
both the dependency and the override itself share the exact same spec. To make
this limitation easier to deal with, overrides may also be defined as a
reference to a spec for a direct dependency by prefixing the name of the
package you wish the version to match with a <code>$</code>.</p>
<pre lang="json"><code>{
"dependencies": {
"foo": "^1.0.0"
},
"overrides": {
// BAD, will throw an EOVERRIDE error
// "foo": "^2.0.0"
// GOOD, specs match so override is allowed
// "foo": "^1.0.0"
// BEST, the override is defined as a reference to the dependency
"foo": "$foo",
// the referenced package does not need to match the overridden one
"bar": "$foo"
}
}
</code></pre>
<h3 id="engines">engines</h3>
<p>You can specify the version of node that your stuff works on:</p>
<pre lang="json"><code>{
Expand Down
34 changes: 31 additions & 3 deletions deps/npm/lib/commands/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
const configDefs = require('../utils/config/index.js')

const mkdirp = require('mkdirp-infer-owner')
const { dirname } = require('path')
const { dirname, resolve } = require('path')
const { promisify } = require('util')
const fs = require('fs')
const readFile = promisify(fs.readFile)
Expand All @@ -11,6 +11,7 @@ const { spawn } = require('child_process')
const { EOL } = require('os')
const ini = require('ini')
const localeCompare = require('@isaacs/string-locale-compare')('en')
const rpj = require('read-package-json-fast')
const log = require('../utils/log-shim.js')

// take an array of `[key, value, k2=v2, k3, v3, ...]` and turn into
Expand All @@ -28,7 +29,17 @@ const keyValues = args => {
return kv
}

const publicVar = k => !/^(\/\/[^:]+:)?_/.test(k)
const publicVar = k => {
// _password
if (k.startsWith('_')) {
return false
}
// //localhost:8080/:_password
if (k.startsWith('//') && k.includes(':_')) {
return false
}
return true
}

const BaseCommand = require('../base-command.js')
class Config extends BaseCommand {
Expand Down Expand Up @@ -147,7 +158,7 @@ class Config extends BaseCommand {
const out = []
for (const key of keys) {
if (!publicVar(key)) {
throw `The ${key} option is protected, and cannot be retrieved in this way`
throw new Error(`The ${key} option is protected, and cannot be retrieved in this way`)
}

const pref = keys.length > 1 ? `${key}=` : ''
Expand Down Expand Up @@ -257,6 +268,23 @@ ${defData}
`; HOME = ${process.env.HOME}`,
'; Run `npm config ls -l` to show all defaults.'
)
msg.push('')
}

if (!this.npm.config.get('global')) {
const pkgPath = resolve(this.npm.prefix, 'package.json')
const pkg = await rpj(pkgPath).catch(() => ({}))

if (pkg.publishConfig) {
msg.push(`; "publishConfig" from ${pkgPath}`)
msg.push('; This set of config values will be used at publish-time.', '')
const pkgKeys = Object.keys(pkg.publishConfig).sort(localeCompare)
for (const k of pkgKeys) {
const v = publicVar(k) ? JSON.stringify(pkg.publishConfig[k]) : '(protected)'
msg.push(`${k} = ${v}`)
}
msg.push('')
}
}

this.npm.output(msg.join('\n').trim())
Expand Down
10 changes: 7 additions & 3 deletions deps/npm/lib/commands/publish.js
Original file line number Diff line number Diff line change
Expand Up @@ -104,11 +104,15 @@ class Publish extends BaseCommand {
const resolved = npa.resolve(manifest.name, manifest.version)
const registry = npmFetch.pickRegistry(resolved, opts)
const creds = this.npm.config.getCredentialsByURI(registry)
const outputRegistry = replaceInfo(registry)
if (!creds.token && !creds.username) {
throw Object.assign(new Error('This command requires you to be logged in.'), {
code: 'ENEEDAUTH',
})
throw Object.assign(
new Error(`This command requires you to be logged in to ${outputRegistry}`), {
code: 'ENEEDAUTH',
}
)
}
log.notice('', `Publishing to ${outputRegistry}`)
await otplease(opts, opts => libpub(manifest, tarballData, opts))
}

Expand Down
1 change: 1 addition & 0 deletions deps/npm/lib/utils/exit-handler.js
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@ const exitHandler = err => {
exitCode = err.code
noLogMessage = true
} else if (typeof err === 'string') {
// XXX: we should stop throwing strings
log.error('', err)
noLogMessage = true
} else if (!(err instanceof Error)) {
Expand Down
Loading

0 comments on commit fae4945

Please sign in to comment.