docs(logging): replace proceeding with preceding in loglevels details…#2
Open
Aigle9 wants to merge 518 commits intoAigle9:latestfrom
Open
docs(logging): replace proceeding with preceding in loglevels details…#2Aigle9 wants to merge 518 commits intoAigle9:latestfrom
Aigle9 wants to merge 518 commits intoAigle9:latestfrom
Conversation
owlstronaut
force-pushed
the
latest
branch
2 times, most recently
from
85ec0c9 to
26b6454
Compare
peer deps flags, again
This pull request introduces extensive enhancements to the npm token management command, adding support for creating Granular Access Tokens (GATs) with fine-grained permissions. It updates the CLI interface, configuration, and documentation to allow users to specify token details such as name, description, expiration, package/scope/org restrictions, permission levels, and bypassing two-factor authentication. The changes also improve error messaging and ensure all new options are reflected in the config and docs. --------- Co-authored-by: Gar <gar+gh@danger.computer>
Fix a race condition in `withLock` where a slow `fs.stat` call could result in an ECOMPROMISED false positive. Due to the usage of `setInterval`, one callback could mutate `mtime` just before an overlapping callback's `fs.stat` promise has resolved, causing a mismatch. By switching to `setTimeout`, we ensure that we don't have overlapping callbacks and incorrect values. Additionally bump the stale threshold higher, to reduce the likelihood of another caller taking over a seemingly-stale-but-actually-active lock. Under Windows in particular, `fs.stat` [has been observed](#8710 (comment)) to sometimes take over 20 seconds, so we should err on the side of a higher threshold before we judge a lock as stale. The minor potential downside is that we might wait longer before taking over a stale lock, but lock takeover is already a very exceptional case (i.e. it would typically only happen if another process was SIGKILLed while holding the same lock) ## Testing Notes - Added a new test to cover this scenario - Verified [the failure](https://github.com/jenseng/cli/actions/runs/19373681768/job/55435674539) and [the fix](https://github.com/jenseng/cli/actions/runs/19373765497/job/55435952370) via one-off GHA workflow that does `npx --yes jest --version` ## References Fixes #8710
Clarify requirements for relative paths in npm publish. This adds clarification on relative path support directly to the npm publish documentation. Currently, this documentation only alludes to package spec in the "see also" section, leaving it unclear that the unprefixed relative paths that are supported by most other tools will fail here. Enhancing this documentation is important since unprefixed relative paths result in surprising error messages that do not hint at the appropriate solution. ## References Related to #2796
BREAKING CHANGE: The `npm adduser` command has been removed. Create and manage user accounts on the npm website, and use `npm login` to authenticate on the command line.
…encies (#9221) A shared dependency of two or more umet optional dependencies, where no other package in the tree also depends on that shared package, does not need to be installed. This removes packages currently marked as extraneous from trees where one or more failed-optional (platform-specific) packages share a transitive dependency, with `@emnapi/runtime` being a good example of this. Before: ``` $ node /path/to/cli/bin/npm-cli.js install sharp@0.35.0-rc.2 added 9 packages in 325ms $ npm ls --all ├─┬ @emnapi/runtime@1.9.2 extraneous │ └── tslib@2.8.1 deduped ├─┬ @img/sharp-wasm32@0.35.0-rc.2 extraneous │ └── @emnapi/runtime@1.9.2 deduped ├─┬ sharp@0.35.0-rc.2 │ ├── @img/colour@1.1.0 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-darwin-arm64@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-darwin-x64@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-freebsd-wasm32@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-darwin-arm64@1.3.0-rc.4 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-darwin-x64@1.3.0-rc.4 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-arm@1.3.0-rc.4 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-arm64@1.3.0-rc.4 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-ppc64@1.3.0-rc.4 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-riscv64@1.3.0-rc.4 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-s390x@1.3.0-rc.4 │ ├── @img/sharp-libvips-linux-x64@1.3.0-rc.4 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linuxmusl-arm64@1.3.0-rc.4 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linuxmusl-x64@1.3.0-rc.4 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-arm@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-arm64@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-ppc64@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-riscv64@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-s390x@0.35.0-rc.2 │ ├─┬ @img/sharp-linux-x64@0.35.0-rc.2 │ │ └── @img/sharp-libvips-linux-x64@1.3.0-rc.4 deduped │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linuxmusl-arm64@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linuxmusl-x64@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-webcontainers-wasm32@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-win32-arm64@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-win32-ia32@0.35.0-rc.2 │ ├── UNMET OPTIONAL DEPENDENCY @img/sharp-win32-x64@0.35.0-rc.2 │ ├── detect-libc@2.1.2 │ └── semver@7.7.4 └── tslib@2.8.1 extraneous $ du -s node_modules/ 28824 node_modules/ ``` After: ``` $ node /path/to/cli/bin/npm-cli.js install sharp@0.35.0-rc.2 added 6 packages in 1s $ npm ls --all └─┬ sharp@0.35.0-rc.2 ├── @img/colour@1.1.0 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-darwin-arm64@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-darwin-x64@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-freebsd-wasm32@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-darwin-arm64@1.3.0-rc.4 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-darwin-x64@1.3.0-rc.4 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-arm@1.3.0-rc.4 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-arm64@1.3.0-rc.4 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-ppc64@1.3.0-rc.4 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-riscv64@1.3.0-rc.4 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linux-s390x@1.3.0-rc.4 ├── @img/sharp-libvips-linux-x64@1.3.0-rc.4 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linuxmusl-arm64@1.3.0-rc.4 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-libvips-linuxmusl-x64@1.3.0-rc.4 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-arm@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-arm64@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-ppc64@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-riscv64@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linux-s390x@0.35.0-rc.2 ├─┬ @img/sharp-linux-x64@0.35.0-rc.2 │ └── @img/sharp-libvips-linux-x64@1.3.0-rc.4 deduped ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linuxmusl-arm64@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-linuxmusl-x64@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-webcontainers-wasm32@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-win32-arm64@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-win32-ia32@0.35.0-rc.2 ├── UNMET OPTIONAL DEPENDENCY @img/sharp-win32-x64@0.35.0-rc.2 ├── detect-libc@2.1.2 └── semver@7.7.4 $ du -s node_modules/ 18336 node_modules/ ``` ## References Fixes #8832
## Summary Adds `u` as a short alias for the `update` command, making it consistent with `i` for `install`. ## Motivation `npm i` is the canonical short form for `npm install` — the most commonly used npm command. However, `npm update` lacks an equivalent single-character alias. The existing `npm up` alias works, but feels inconsistent compared to `i`. Adding `u` makes the CLI more ergonomic and intuitive: ```sh npm i # install ✅ already exists npm u # update ✅ this PR ``` ## Changes - Added `u: 'update'` alias in `lib/utils/cmd-list.js`, grouped alongside the existing `up: 'update'` alias ## Notes - `u` is not currently used by any other alias or command, so there is no conflict - Follows the same pattern as other single-character aliases (`i`, `r`, `t`, `c`, `s`, `v`, `x`)
BREAKING CHANGE: the `star`, `stars` and `unstar` commands have been removed fixes npm/statusboard#1087
BREAKING CHANGE: the --json output of `npm pack` and `npm publish` have changed. They are now always consistent, and in the same format. Previously, `npm pack` would output an array of entries and `npm publish` an object. The `npm publish` object also changed forms depending on if workspaces were being published. Now, the output is always an object with the package name as the top level index. fixes npm/statusboard#1073
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
… (npm#8162)
Grammar fix for the docs regarding the loglevel hierarchy in the CLI logging docs.
References
Closes npm#8161