diff --git a/deps/npm/.npmignore b/deps/npm/.npmignore index aacaa8f822..b900574578 100644 --- a/deps/npm/.npmignore +++ b/deps/npm/.npmignore @@ -12,6 +12,7 @@ node_modules/.bin node_modules/npm-registry-mock /npmrc /release/ +/coverage/ # don't need these in the npm package. html/*.png diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md index 8c7be54346..df3e2ba22f 100644 --- a/deps/npm/CHANGELOG.md +++ b/deps/npm/CHANGELOG.md @@ -1,3 +1,23 @@ +## v7.4.3 (2021-01-21) + +### DOCUMENTATION + +* [`ec1f06d06`](https://github.com/npm/cli/commit/ec1f06d06447a29c74bee063cff103ede7a2111b) + [#2498](https://github.com/npm/cli/issues/2498) + docs(npm): update `npm` docs + ([@darcyclarke](https://github.com/darcyclarke)) + +### DEPENDENCIES +* [`bc23284cd`](https://github.com/npm/cli/commit/bc23284cd5c4cc4532875aff14df94213727a509) + [#2511](https://github.com/npm/cli/issues/2511) + remove coverage files + ([@ruyadorno](https://github.com/ruyadorno)) +* [`fcbc676b8`](https://github.com/npm/cli/commit/fcbc676b88e1b7c8d01a3799683cd388a82c44d6) + `pacote@11.2.3` +* [`ebd3a24ff`](https://github.com/npm/cli/commit/ebd3a24ff8381f2def306136b745d1615fd6139f) + `@npmcli/arborist@2.0.6` + * Preserve git+https auth when provided + ## v7.4.2 (2021-01-15) ### DEPENDENCIES diff --git a/deps/npm/docs/content/commands/npm.md b/deps/npm/docs/content/commands/npm.md index d0489187e1..dd7da2f18a 100644 --- a/deps/npm/docs/content/commands/npm.md +++ b/deps/npm/docs/content/commands/npm.md @@ -133,19 +133,12 @@ See [`config`](/using-npm/config) for much much more information. Patches welcome! If you would like to contribute, but don't know what to work on, read -the contributing guidelines and check the issues list. - -* [CONTRIBUTING.md](https://github.com/npm/cli/blob/latest/CONTRIBUTING.md) -* [Bug tracker](https://github.com/npm/cli/issues) +the [contributing guidelines](https://github.com/npm/cli/blob/latest/CONTRIBUTING.md) +and check the issues list. ### Bugs -When you find issues, please report them: - -* web: - -* archived web: - +When you find issues, please report them: Be sure to follow the template and bug reporting guidelines. @@ -159,13 +152,6 @@ Or suggest formal RFC proposals: * -### Author - -[Isaac Z. Schlueter](http://blog.izs.me/) :: -[isaacs](https://github.com/isaacs/) :: -[@izs](https://twitter.com/izs) :: - - ### See Also * [npm help](/commands/npm-help) * [package.json](/configuring-npm/package-json) diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 9ba191b1fc..15d1bbc99f 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -159,7 +159,7 @@ tree at all, use npm explain the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm’s source tree will show:

-
npm@7.4.2 /path/to/npm
+
npm@7.4.3 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 

diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index 4533f7947f..03d4c92821 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -141,14 +141,14 @@ npm command-line interface
 
 

 
Table of contents

-

+

 

 
 
Synopsis

 
npm <command> [args]
 

 
Version

-
7.4.2

+
7.4.3

 
Description

 
npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency
@@ -246,19 +246,10 @@ lib/utils/config-defs.js.  These must not be changed.
 
Contributions

 
Patches welcome!

 
If you would like to contribute, but don’t know what to work on, read
-the contributing guidelines and check the issues list.

-
+the contributing guidelines
+and check the issues list.

 
Bugs

-
When you find issues, please report them:

-
+
When you find issues, please report them: https://github.com/npm/cli/issues

 
Be sure to follow the template and bug reporting guidelines.

 
Feature Requests

 
Discuss new feature ideas on our discussion forum:

@@ -269,11 +260,6 @@ the contributing guidelines and check the issues list.

 
-
Author

-
Isaac Z. Schlueter ::
-isaacs ::
-@izs ::
-i@izs.me

 
See Also

 
    
 
  • npm help
    • 
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index 694cd576a4..0a90b74952 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-npm@7\.4\.2 /path/to/npm
+npm@7\.4\.3 /path/to/npm
 └─┬ init\-package\-json@0\.0\.4
   └── promzard@0\.1\.5
 .fi
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index c94fb2515c..a75dc70db9 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -10,7 +10,7 @@ npm  [args]
 .RE
 .SS Version
 .P
-7\.4\.2
+7\.4\.3
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts
@@ -141,26 +141,11 @@ See npm help \fBconfig\fP for much much more information\.
 Patches welcome!
 .P
 If you would like to contribute, but don't know what to work on, read
-the contributing guidelines and check the issues list\.
-.RS 0
-.IP \(bu 2
-CONTRIBUTING\.md \fIhttps://github\.com/npm/cli/blob/latest/CONTRIBUTING\.md\fR
-.IP \(bu 2
-Bug tracker \fIhttps://github\.com/npm/cli/issues\fR
-
-.RE
+the contributing guidelines \fIhttps://github\.com/npm/cli/blob/latest/CONTRIBUTING\.md\fR
+and check the issues list\.
 .SS Bugs
 .P
-When you find issues, please report them:
-.RS 0
-.IP \(bu 2
-web:
-https://github\.com/npm/npm/issues
-.IP \(bu 2
-archived web:
-https://npm\.community/c/bugs
-
-.RE
+When you find issues, please report them: https://github\.com/npm/cli/issues
 .P
 Be sure to follow the template and bug reporting guidelines\.
 .SS Feature Requests
@@ -178,12 +163,6 @@ Or suggest formal RFC proposals:
 https://github\.com/npm/rfcs
 
 .RE
-.SS Author
-.P
-Isaac Z\. Schlueter \fIhttp://blog\.izs\.me/\fR ::
-isaacs \fIhttps://github\.com/isaacs/\fR ::
-@izs \fIhttps://twitter\.com/izs\fR ::
-i@izs\.me
 .SS See Also
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
index 5375b6df4c..d916b49c22 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
@@ -830,9 +830,14 @@ module.exports = cls => class Reifier extends cls {
           const pname = child.package.name
           const alias = name !== pname
           updateDepSpec(pkg, name, (alias ? `npm:${pname}@` : '') + range)
-        } else if (req.hosted)
-          updateDepSpec(pkg, name, req.hosted.shortcut({ noCommittish: false }))
-        else
+        } else if (req.hosted) {
+          // save the git+https url if it has auth, otherwise shortcut
+          const h = req.hosted
+          const opt = { noCommittish: false }
+          const save = h.https && h.auth ? `git+${h.https(opt)}`
+            : h.shortcut(opt)
+          updateDepSpec(pkg, name, save)
+        } else
           updateDepSpec(pkg, name, req.saveSpec)
       }
 
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js b/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js
index 5d648de5bd..3227648241 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js
@@ -9,6 +9,7 @@ const consistentResolve = (resolved, fromPath, toPath, relPaths = false) => {
     return null
 
   try {
+    const hostedOpt = { noCommittish: false }
     const {
       fetchSpec,
       saveSpec,
@@ -20,7 +21,9 @@ const consistentResolve = (resolved, fromPath, toPath, relPaths = false) => {
     const isPath = type === 'file' || type === 'directory'
     return isPath && !relPaths ? `file:${fetchSpec}`
       : isPath ? 'file:' + (toPath ? relpath(toPath, fetchSpec) : fetchSpec)
-      : hosted ? 'git+' + hosted.sshurl({ noCommittish: false })
+      : hosted ? `git+${
+        hosted.auth ? hosted.https(hostedOpt) : hosted.sshurl(hostedOpt)
+      }`
       : type === 'git' ? saveSpec
       // always return something.  'foo' is interpreted as 'foo@' otherwise.
       : rawSpec === '' && raw.slice(-1) !== '@' ? raw
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index 1a46daa190..fafd1fb0f8 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "2.0.5",
+  "version": "2.0.6",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@npmcli/installed-package-contents": "^1.0.5",
@@ -20,7 +20,7 @@
     "npm-package-arg": "^8.1.0",
     "npm-pick-manifest": "^6.1.0",
     "npm-registry-fetch": "^9.0.0",
-    "pacote": "^11.2.1",
+    "pacote": "^11.2.3",
     "parse-conflict-json": "^1.1.1",
     "promise-all-reject-late": "^1.0.0",
     "promise-call-limit": "^1.0.1",
diff --git a/deps/npm/node_modules/pacote/lib/fetcher.js b/deps/npm/node_modules/pacote/lib/fetcher.js
index a0a1447a31..c4e5852daf 100644
--- a/deps/npm/node_modules/pacote/lib/fetcher.js
+++ b/deps/npm/node_modules/pacote/lib/fetcher.js
@@ -47,6 +47,8 @@ class FetcherBase {
       throw new TypeError('options object is required')
     this.spec = npa(spec, opts.where)
 
+    this.allowGitIgnore = !!opts.allowGitIgnore
+
     // a bit redundant because presumably the caller already knows this,
     // but it makes it easier to not have to keep track of the requested
     // spec when we're dispatching thousands of these at once, and normalizing
@@ -414,7 +416,7 @@ class FetcherBase {
           const base = basename(entry.path)
           if (base === '.npmignore')
             sawIgnores.add(entry.path)
-          else if (base === '.gitignore') {
+          else if (base === '.gitignore' && !this.allowGitIgnore) {
             // rename, but only if there's not already a .npmignore
             const ni = entry.path.replace(/\.gitignore$/, '.npmignore')
             if (sawIgnores.has(ni))
diff --git a/deps/npm/node_modules/pacote/lib/git.js b/deps/npm/node_modules/pacote/lib/git.js
index 81f7ca2567..406ab5c600 100644
--- a/deps/npm/node_modules/pacote/lib/git.js
+++ b/deps/npm/node_modules/pacote/lib/git.js
@@ -24,13 +24,16 @@ const _cloneRepo = Symbol('_cloneRepo')
 const _setResolvedWithSha = Symbol('_setResolvedWithSha')
 const _prepareDir = Symbol('_prepareDir')
 
-// get the repository url.  prefer ssh, fall back to git://
+// get the repository url.
+// prefer https if there's auth, since ssh will drop that.
+// otherwise, prefer ssh if available (more secure).
 // We have to add the git+ back because npa suppresses it.
-const repoUrl = (hosted, opts) =>
-  hosted.sshurl && addGitPlus(hosted.sshurl(opts)) ||
-  hosted.https && addGitPlus(hosted.https(opts))
+const repoUrl = (h, opts) =>
+  h.sshurl && !(h.https && h.auth) && addGitPlus(h.sshurl(opts)) ||
+  h.https && addGitPlus(h.https(opts))
 
-const addGitPlus = url => url && `git+${url}`
+// add git+ to the url, but only one time.
+const addGitPlus = url => url && `git+${url}`.replace(/^(git\+)+/, 'git+')
 
 class GitFetcher extends Fetcher {
   constructor (spec, opts) {
@@ -51,6 +54,11 @@ class GitFetcher extends Fetcher {
       this.resolvedSha = ''
   }
 
+  // just exposed to make it easier to test all the combinations
+  static repoUrl (hosted, opts) {
+    return repoUrl(hosted, opts)
+  }
+
   get types () {
     return ['git']
   }
@@ -69,13 +77,16 @@ class GitFetcher extends Fetcher {
   }
 
   // first try https, since that's faster and passphrase-less for
-  // public repos.  Fall back to SSH to support private repos.
-  // NB: we always store the SSH url in the 'resolved' field.
+  // public repos, and supports private repos when auth is provided.
+  // Fall back to SSH to support private repos
+  // NB: we always store the https url in resolved field if auth
+  // is present, otherwise ssh if the hosted type provides it
   [_resolvedFromHosted] (hosted) {
     return this[_resolvedFromRepo](hosted.https && hosted.https())
       .catch(er => {
         const ssh = hosted.sshurl && hosted.sshurl()
-        if (!ssh)
+        // no fallthrough if we can't fall through or have https auth
+        if (!ssh || hosted.auth)
           throw er
         return this[_resolvedFromRepo](ssh)
       })
@@ -121,9 +132,11 @@ class GitFetcher extends Fetcher {
   // either a git url with a hash, or a tarball download URL
   [_addGitSha] (sha) {
     if (this.spec.hosted) {
-      this[_setResolvedWithSha](
-        this.spec.hosted.shortcut({ noCommittish: true }) + '#' + sha
-      )
+      const h = this.spec.hosted
+      const opt = { noCommittish: true }
+      const base = h.https && h.auth ? h.https(opt) : h.shortcut(opt)
+
+      this[_setResolvedWithSha](`${base}#${sha}`)
     } else {
       const u = url.format(new url.URL(`#${sha}`, this.spec.rawSpec))
       this[_setResolvedWithSha](url.format(u))
@@ -207,6 +220,7 @@ class GitFetcher extends Fetcher {
         const nameat = this.spec.name ? `${this.spec.name}@` : ''
         return new RemoteFetcher(h.tarball({ noCommittish: false }), {
           ...this.opts,
+          allowGitIgnore: true,
           pkgid: `git:${nameat}${this.resolved}`,
           resolved: this.resolved,
           integrity: null, // it'll always be different, if we have one
@@ -231,14 +245,19 @@ class GitFetcher extends Fetcher {
     })
   }
 
+  // first try https, since that's faster and passphrase-less for
+  // public repos, and supports private repos when auth is provided.
+  // Fall back to SSH to support private repos
+  // NB: we always store the https url in resolved field if auth
+  // is present, otherwise ssh if the hosted type provides it
   [_cloneHosted] (ref, tmp) {
     const hosted = this.spec.hosted
     const https = hosted.https()
     return this[_cloneRepo](hosted.https({ noCommittish: true }), ref, tmp)
       .catch(er => {
         const ssh = hosted.sshurl && hosted.sshurl({ noCommittish: true })
-        /* istanbul ignore if - should be covered by the resolve() call */
-        if (!ssh)
+        // no fallthrough if we can't fall through or have https auth
+        if (!ssh || hosted.auth)
           throw er
         return this[_cloneRepo](ssh, ref, tmp)
       })
diff --git a/deps/npm/node_modules/pacote/package.json b/deps/npm/node_modules/pacote/package.json
index 8de6a07a24..b55685a48b 100644
--- a/deps/npm/node_modules/pacote/package.json
+++ b/deps/npm/node_modules/pacote/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "11.2.1",
+  "version": "11.2.3",
   "description": "JavaScript package downloader",
   "author": "Isaac Z. Schlueter  (https://izs.me)",
   "bin": {
diff --git a/deps/npm/package.json b/deps/npm/package.json
index d2bbe02cae..da6175dfe8 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "7.4.2",
+  "version": "7.4.3",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "keywords": [
@@ -42,7 +42,7 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@npmcli/arborist": "^2.0.5",
+    "@npmcli/arborist": "^2.0.6",
     "@npmcli/ci-detect": "^1.2.0",
     "@npmcli/config": "^1.2.8",
     "@npmcli/run-script": "^1.8.1",
@@ -90,7 +90,7 @@
     "npm-user-validate": "^1.0.1",
     "npmlog": "~4.1.2",
     "opener": "^1.5.2",
-    "pacote": "^11.2.1",
+    "pacote": "^11.2.3",
     "parse-conflict-json": "^1.1.1",
     "qrcode-terminal": "^0.12.0",
     "read": "~1.0.7",
@@ -180,7 +180,7 @@
   ],
   "devDependencies": {
     "cmark-gfm": "^0.8.5",
-    "eslint": "^7.14.0",
+    "eslint": "^7.18.0",
     "eslint-plugin-import": "^2.22.1",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^4.2.1",