diff --git a/.commitlintrc.cjs b/.commitlintrc.cjs index e9c80b9..b706e52 100644 --- a/.commitlintrc.cjs +++ b/.commitlintrc.cjs @@ -7,5 +7,6 @@ module.exports = { 'header-max-length': [2, 'always', 80], 'subject-case': [0], 'body-max-line-length': [0], + 'footer-max-line-length': [0], }, } diff --git a/.github/actions/create-check/action.yml b/.github/actions/create-check/action.yml index aa24a5b..d1220c9 100644 --- a/.github/actions/create-check/action.yml +++ b/.github/actions/create-check/action.yml @@ -25,7 +25,7 @@ runs: with: result-encoding: string script: | - const { repo: { owner, repo}, runId, serverUrl } = context + const { repo: { owner, repo}, runId, serverUrl } = context const { JOB_NAME, SHA } = process.env const job = await github.rest.actions.listJobsForWorkflowRun({ diff --git a/.github/actions/install-latest-npm/action.yml b/.github/actions/install-latest-npm/action.yml index 8339dbf..580603d 100644 --- a/.github/actions/install-latest-npm/action.yml +++ b/.github/actions/install-latest-npm/action.yml @@ -44,7 +44,7 @@ runs: MATCH=$SPEC echo "Found compatible version: npm@$MATCH" break - fi + fi done if [ -z $MATCH ]; then diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index ffe363d..c4d65de 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -8,6 +8,9 @@ on: # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1 - cron: "0 8 * * 1" +permissions: + contents: read + jobs: audit: name: Audit Dependencies diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 279999f..226b91d 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -18,6 +18,10 @@ on: required: true type: string +permissions: + contents: read + checks: write + jobs: lint-all: name: Lint All @@ -61,7 +65,7 @@ jobs: run: npm run postlint --ignore-scripts - name: Conclude Check uses: LouisBrunner/checks-action@v1.6.0 - if: always() + if: steps.create-check.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} @@ -119,7 +123,7 @@ jobs: run: npm test --ignore-scripts - name: Conclude Check uses: LouisBrunner/checks-action@v1.6.0 - if: always() + if: steps.create-check.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 882b3bf..fdda702 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,6 +12,9 @@ on: # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1 - cron: "0 9 * * 1" +permissions: + contents: read + jobs: lint: name: Lint diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 13efe1b..af848e1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,6 +13,9 @@ on: # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1 - cron: "0 10 * * 1" +permissions: + contents: read + jobs: analyze: name: Analyze @@ -29,8 +32,8 @@ jobs: git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: javascript - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 2e13105..34cb8f9 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -49,7 +49,7 @@ jobs: id: flags run: | dependabot_dir="${{ steps.metadata.outputs.directory }}" - if [[ "$dependabot_dir" == "/" ]]; then + if [[ "$dependabot_dir" == "/" || "$dependabot_dir" == "/main" ]]; then echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 2528406..475c1aa 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -10,6 +10,9 @@ on: - edited - synchronize +permissions: + contents: read + jobs: commitlint: name: Lint Commits diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 0eeb1e0..d83f4e0 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -19,6 +19,10 @@ on: PUBLISH_TOKEN: required: true +permissions: + contents: read + id-token: write + jobs: publish: name: Publish diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2f1db1e..444209a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -244,6 +244,7 @@ jobs: if: needs.release.outputs.releases uses: ./.github/workflows/release-integration.yml permissions: + contents: read id-token: write secrets: PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} diff --git a/.gitignore b/.gitignore index e244d5a..51e0c53 100644 --- a/.gitignore +++ b/.gitignore @@ -2,17 +2,18 @@ # ignore everything in the root /* -# transient test directories -tap-testdir*/ -# keep these !**/.gitignore !/.commitlintrc.cjs +!/.eslint.config.js !/.eslintrc.cjs !/.eslintrc.local.* +!/.git-blame-ignore-revs !/.github/ !/.gitignore !/.npmrc +!/.prettierignore +!/.prettierrc.cjs !/.release-please-manifest.json !/bin/ !/CHANGELOG* @@ -31,3 +32,4 @@ tap-testdir*/ !/test/ !/tsconfig.json !/types/ +tap-testdir*/ diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 895bf0e..969d3db 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "2.0.0" + ".": "2.1.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 7925359..40173ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## [2.1.0](https://github.com/npm/types/compare/v2.0.0...v2.1.0) (2025-04-28) +### Features +* [`9780470`](https://github.com/npm/types/commit/978047035dbe14c3dafb65eaa31413a5f8a9d197) [#85](https://github.com/npm/types/pull/85) add devEngines (#85) (@reggi) +### Chores +* [`f8308cd`](https://github.com/npm/types/commit/f8308cdf83bead92de57d38bfba40755ee83ab40) [#115](https://github.com/npm/types/pull/115) postinstall workflow updates (#115) (@owlstronaut) +* [`96d8414`](https://github.com/npm/types/commit/96d84144cdd03e0ff5ed098287c9529550a8220b) [#113](https://github.com/npm/types/pull/113) bump @types/node from 22.14.0 to 22.14.1 (#113) (@dependabot[bot]) +* [`b2b779e`](https://github.com/npm/types/commit/b2b779e667998606770e65fcbbbdce106582e724) [#111](https://github.com/npm/types/pull/111) bump eslint-import-resolver-typescript from 3.10.0 to 4.3.2 (#111) (@dependabot[bot]) +* [`1787777`](https://github.com/npm/types/commit/1787777be536e7465bd32d9f2e7dc282d767780e) [#110](https://github.com/npm/types/pull/110) bump @types/node from 22.1.0 to 22.14.0 (#110) (@dependabot[bot]) +* [`6d3f319`](https://github.com/npm/types/commit/6d3f319a4e717e48da34cd636acfdc6e17e96362) [#78](https://github.com/npm/types/pull/78) bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot]) +* [`f85ed36`](https://github.com/npm/types/commit/f85ed36b1f38860a440c7e7805375eed2ffe98eb) [#112](https://github.com/npm/types/pull/112) bump @npmcli/template-oss from 4.23.3 to 4.24.3 (#112) (@dependabot[bot], @npm-cli-bot) +* [`d721997`](https://github.com/npm/types/commit/d721997881c582f0f10514c513fafbfd739e8332) [#79](https://github.com/npm/types/pull/79) postinstall for dependabot template-oss PR (@hashtagchris) + ## [2.0.0](https://github.com/npm/types/compare/v1.0.2...v2.0.0) (2024-08-07) ### ⚠️ BREAKING CHANGES diff --git a/SECURITY.md b/SECURITY.md index 9cd2dea..4fe06a2 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). -If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). diff --git a/package.json b/package.json index a332d85..c38c1c2 100644 --- a/package.json +++ b/package.json @@ -1,16 +1,17 @@ { "name": "@npm/types", - "version": "2.0.0", + "version": "2.1.0", "description": "Typescript definitions for npm registry content", "types": "./types/index.d.ts", "scripts": { - "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"", + "lint": "npm run eslint", "postlint": "template-oss-check", "template-oss-apply": "template-oss-apply --force", - "lintfix": "npm run lint -- --fix", + "lintfix": "npm run eslint -- --fix", "snap": "tap", "test": "tap", - "posttest": "npm run lint" + "posttest": "npm run lint", + "eslint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"" }, "keywords": [ "npm registry", @@ -25,11 +26,11 @@ "node": ">=18.6.0" }, "devDependencies": { - "@npmcli/eslint-config": "^4.0.4", - "@npmcli/template-oss": "4.22.0", - "@types/node": "22.1.0", + "@npmcli/eslint-config": "^5.0.0", + "@npmcli/template-oss": "4.24.3", + "@types/node": "22.14.1", "@typescript-eslint/parser": "^8.0.1", - "eslint-import-resolver-typescript": "^3.6.1", + "eslint-import-resolver-typescript": "^4.3.2", "tap": "^18.7.3", "typescript": "^5.4.5" }, @@ -44,7 +45,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.22.0", + "version": "4.24.3", "allowPaths": [ "/types/" ], @@ -59,6 +60,10 @@ "type": "module", "tap": { "typecheck": true, - "disable-coverage": true + "disable-coverage": true, + "show-full-coverage": true + }, + "nyc": { + "exclude": [] } } diff --git a/release-please-config.json b/release-please-config.json index 0a19d33..cc7337c 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -29,7 +29,7 @@ "hidden": true } ], - "prerelease-type": "pre", + "prerelease-type": "pre.0", "packages": { ".": { "package-name": "" diff --git a/types/index.d.ts b/types/index.d.ts index 293b1e0..ac4432d 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -86,6 +86,20 @@ interface Dist { unpackedSize?: number } +interface DevEngineDependency { + name: string + version?: string + onFail?: 'ignore' | 'warn' | 'error' | 'download' +} + +interface DevEngines { + os?: DevEngineDependency | DevEngineDependency[] + cpu?: DevEngineDependency | DevEngineDependency[] + libc?: DevEngineDependency | DevEngineDependency[] + runtime?: DevEngineDependency | DevEngineDependency[] + packageManager?: DevEngineDependency | DevEngineDependency[] +} + // this is in the tarball for the project. it really could have anything in it. export interface PackageJSON { author?: Contact | string @@ -100,6 +114,7 @@ export interface PackageJSON { dependencies?: Record description?: string devDependencies?: Record + devEngines?: DevEngines directories?: Record engines?: Record files?: string[]