Skip to content

Commit

Permalink
deps: upgrade npm to 8.14.0
Browse files Browse the repository at this point in the history
PR-URL: #43826
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
  • Loading branch information
npm-cli-bot authored and targos committed Jul 31, 2022
1 parent a5e1620 commit e6baa8a
Show file tree
Hide file tree
Showing 133 changed files with 3,787 additions and 511 deletions.
9 changes: 4 additions & 5 deletions deps/npm/docs/content/commands/npm-adduser.md
Original file line number Diff line number Diff line change
Expand Up @@ -93,13 +93,12 @@ npm init --scope=@foo --yes
#### `auth-type`

* Default: "legacy"
* Type: "legacy", "webauthn", "sso", "saml", or "oauth"
* DEPRECATED: The SSO/SAML/OAuth methods are deprecated and will be removed in
a future version of npm in favor of web-based login.
* Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"

What authentication strategy to use with `adduser`/`login`.
NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
removed in a future version.

Pass `webauthn` to use a web-based login.
What authentication strategy to use with `login`.

<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->
Expand Down
13 changes: 12 additions & 1 deletion deps/npm/docs/content/commands/npm-audit.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ description: Run a security audit
<!-- see lib/commands/audit.js -->

```bash
npm audit [fix]
npm audit [fix|signatures]
```

<!-- automatically generated, do not edit manually -->
Expand Down Expand Up @@ -41,6 +41,17 @@ vulnerability is found. It may be useful in CI environments to include the
will cause the command to fail. This option does not filter the report
output, it simply changes the command's failure threshold.

### Audit Signatures

This command can also audit the integrity values of the packages in your
tree against any signatures present in the registry they were downloaded
from. npm will attempt to download the keys from `/-/npm/v1/keys` on
each the registry used to download any given package. It will then
check the `dist.signatures` object in the package itself, and verify the
`sig` present there using the `keyid` there, matching it with a key
returned from the registry. The command for this is `npm audit
signatures`

### Audit Endpoints

There are two audit endpoints that npm may use to fetch vulnerability
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/content/commands/npm.md
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ following help topics:
done via [`npm install`](/commands/npm-install)
* adduser:
Create an account or log in. When you do this, npm will store
credentials in the user config file config file.
credentials in the user config file.
* publish:
Use the [`npm publish`](/commands/npm-publish) command to upload your
code to the registry.
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/content/configuring-npm/package-json.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ IDs](https://spdx.org/licenses/). Ideally you should pick one that is

If your package is licensed under multiple common licenses, use an [SPDX
license expression syntax version 2.0
string](https://www.npmjs.com/package/spdx), like this:
string](https://spdx.dev/specifications/), like this:

```json
{
Expand Down
27 changes: 13 additions & 14 deletions deps/npm/docs/content/using-npm/config.md
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,19 @@ exit code.
<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

#### `auth-type`

* Default: "legacy"
* Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"

NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
removed in a future version.

What authentication strategy to use with `login`.

<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

#### `before`

* Default: null
Expand Down Expand Up @@ -1905,20 +1918,6 @@ When set to `dev` or `development`, this is an alias for `--include=dev`.
<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

#### `auth-type`

* Default: "legacy"
* Type: "legacy", "webauthn", "sso", "saml", or "oauth"
* DEPRECATED: The SSO/SAML/OAuth methods are deprecated and will be removed in
a future version of npm in favor of web-based login.

What authentication strategy to use with `adduser`/`login`.

Pass `webauthn` to use a web-based login.

<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

#### `cache-max`

* Default: Infinity
Expand Down
10 changes: 9 additions & 1 deletion deps/npm/docs/content/using-npm/scripts.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ There are some special life cycle scripts that happen only in certain
situations. These scripts happen in addition to the `pre<event>`, `post<event>`, and
`<event>` scripts.

* `prepare`, `prepublish`, `prepublishOnly`, `prepack`, `postpack`
* `prepare`, `prepublish`, `prepublishOnly`, `prepack`, `postpack`, `dependencies`

**prepare** (since `npm@4.0.0`)
* Runs any time before the package is packed, i.e. during `npm publish`
Expand Down Expand Up @@ -71,6 +71,10 @@ situations. These scripts happen in addition to the `pre<event>`, `post<event>`,
**postpack**
* Runs AFTER the tarball has been generated but before it is moved to its final destination (if at all, publish does not save the tarball locally)

**dependencies**
* Runs AFTER any operations that modify the `node_modules` directory IF changes occurred.
* Does NOT run in global mode

#### Prepare and Prepublish

**Deprecation Note: prepublish**
Expand All @@ -96,6 +100,10 @@ The advantage of doing these things at `prepublish` time is that they can be don
* You don't need to rely on your users having `curl` or `wget` or
other system tools on the target machines.

#### Dependencies

The `dependencies` script is run any time an `npm` command causes changes to the `node_modules` directory. It is run AFTER the changes have been applied and the `package.json` and `package-lock.json` files have been updated.

### Life Cycle Operation Order

#### [`npm cache add`](/commands/npm-cache)
Expand Down
8 changes: 4 additions & 4 deletions deps/npm/docs/content/using-npm/workspaces.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ structure of files and folders:
```
.
+-- node_modules
| `-- packages/a -> ../packages/a
| `-- a -> ../packages/a
+-- package-lock.json
+-- package.json
`-- packages
Expand Down Expand Up @@ -112,15 +112,15 @@ respect the provided `workspace` configuration.

Given the [specifities of how Node.js handles module resolution](https://nodejs.org/dist/latest-v14.x/docs/api/modules.html#modules_all_together) it's possible to consume any defined workspace
by its declared `package.json` `name`. Continuing from the example defined
above, let's also create a Node.js script that will require the `workspace-a`
above, let's also create a Node.js script that will require the workspace `a`
example module, e.g:

```
// ./workspace-a/index.js
// ./packages/a/index.js
module.exports = 'a'
// ./lib/index.js
const moduleA = require('workspace-a')
const moduleA = require('a')
console.log(moduleA) // -> a
```

Expand Down
9 changes: 4 additions & 5 deletions deps/npm/docs/output/commands/npm-adduser.html
Original file line number Diff line number Diff line change
Expand Up @@ -207,12 +207,11 @@ <h4 id="scope"><code>scope</code></h4>
<h4 id="auth-type"><code>auth-type</code></h4>
<ul>
<li>Default: "legacy"</li>
<li>Type: "legacy", "webauthn", "sso", "saml", or "oauth"</li>
<li>DEPRECATED: The SSO/SAML/OAuth methods are deprecated and will be removed in
a future version of npm in favor of web-based login.</li>
<li>Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"</li>
</ul>
<p>What authentication strategy to use with <code>adduser</code>/<code>login</code>.</p>
<p>Pass <code>webauthn</code> to use a web-based login.</p>
<p>NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
removed in a future version.</p>
<p>What authentication strategy to use with <code>login</code>.</p>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
Expand Down
12 changes: 10 additions & 2 deletions deps/npm/docs/output/commands/npm-audit.html
Original file line number Diff line number Diff line change
Expand Up @@ -142,14 +142,14 @@ <h1 id="npm-audit">npm-audit</h1>

<section id="table_of_contents">
<h2 id="table-of-contents">Table of contents</h2>
<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#audit-endpoints">Audit Endpoints</a></li><ul><li><a href="#bulk-advisory-endpoint">Bulk Advisory Endpoint</a></li><li><a href="#quick-audit-endpoint">Quick Audit Endpoint</a></li><li><a href="#scrubbing">Scrubbing</a></li><li><a href="#calculating-meta-vulnerabilities-and-remediations">Calculating Meta-Vulnerabilities and Remediations</a></li></ul><li><a href="#exit-code">Exit Code</a></li><li><a href="#examples">Examples</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#audit-level"><code>audit-level</code></a></li><li><a href="#dry-run"><code>dry-run</code></a></li><li><a href="#force"><code>force</code></a></li><li><a href="#json"><code>json</code></a></li><li><a href="#package-lock-only"><code>package-lock-only</code></a></li><li><a href="#omit"><code>omit</code></a></li><li><a href="#foreground-scripts"><code>foreground-scripts</code></a></li><li><a href="#ignore-scripts"><code>ignore-scripts</code></a></li><li><a href="#workspace"><code>workspace</code></a></li><li><a href="#workspaces"><code>workspaces</code></a></li><li><a href="#include-workspace-root"><code>include-workspace-root</code></a></li><li><a href="#install-links"><code>install-links</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#audit-signatures">Audit Signatures</a></li><li><a href="#audit-endpoints">Audit Endpoints</a></li><ul><li><a href="#bulk-advisory-endpoint">Bulk Advisory Endpoint</a></li><li><a href="#quick-audit-endpoint">Quick Audit Endpoint</a></li><li><a href="#scrubbing">Scrubbing</a></li><li><a href="#calculating-meta-vulnerabilities-and-remediations">Calculating Meta-Vulnerabilities and Remediations</a></li></ul><li><a href="#exit-code">Exit Code</a></li><li><a href="#examples">Examples</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#audit-level"><code>audit-level</code></a></li><li><a href="#dry-run"><code>dry-run</code></a></li><li><a href="#force"><code>force</code></a></li><li><a href="#json"><code>json</code></a></li><li><a href="#package-lock-only"><code>package-lock-only</code></a></li><li><a href="#omit"><code>omit</code></a></li><li><a href="#foreground-scripts"><code>foreground-scripts</code></a></li><li><a href="#ignore-scripts"><code>ignore-scripts</code></a></li><li><a href="#workspace"><code>workspace</code></a></li><li><a href="#workspaces"><code>workspaces</code></a></li><li><a href="#include-workspace-root"><code>include-workspace-root</code></a></li><li><a href="#install-links"><code>install-links</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
</section>

<div id="_content"><h3 id="synopsis">Synopsis</h3>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<pre lang="bash"><code>npm audit [fix]
<pre lang="bash"><code>npm audit [fix|signatures]
</code></pre>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
Expand All @@ -170,6 +170,14 @@ <h3 id="description">Description</h3>
<code>--audit-level</code> parameter to specify the minimum vulnerability level that
will cause the command to fail. This option does not filter the report
output, it simply changes the command's failure threshold.</p>
<h3 id="audit-signatures">Audit Signatures</h3>
<p>This command can also audit the integrity values of the packages in your
tree against any signatures present in the registry they were downloaded
from. npm will attempt to download the keys from <code>/-/npm/v1/keys</code> on
each the registry used to download any given package. It will then
check the <code>dist.signatures</code> object in the package itself, and verify the
<code>sig</code> present there using the <code>keyid</code> there, matching it with a key
returned from the registry. The command for this is <code>npm audit signatures</code></p>
<h3 id="audit-endpoints">Audit Endpoints</h3>
<p>There are two audit endpoints that npm may use to fetch vulnerability
information: the <code>Bulk Advisory</code> endpoint and the <code>Quick Audit</code> endpoint.</p>
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/output/commands/npm-ls.html
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ <h3 id="description">Description</h3>
the results to only the paths to the packages named. Note that nested
packages will <em>also</em> show the paths to the specified packages. For
example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
<pre lang="bash"><code>npm@8.13.2 /path/to/npm
<pre lang="bash"><code>npm@8.14.0 /path/to/npm
└─┬ init-package-json@0.0.4
└── promzard@0.1.5
</code></pre>
Expand Down
4 changes: 2 additions & 2 deletions deps/npm/docs/output/commands/npm.html
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ <h2 id="table-of-contents">Table of contents</h2>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<h3 id="version">Version</h3>
<p>8.13.2</p>
<p>8.14.0</p>
<h3 id="description">Description</h3>
<p>npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
Expand Down Expand Up @@ -219,7 +219,7 @@ <h3 id="developer-usage">Developer Usage</h3>
done via <a href="../commands/npm-install.html"><code>npm install</code></a></li>
<li>adduser:
Create an account or log in. When you do this, npm will store
credentials in the user config file config file.</li>
credentials in the user config file.</li>
<li>publish:
Use the <a href="../commands/npm-publish.html"><code>npm publish</code></a> command to upload your
code to the registry.</li>
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/docs/output/configuring-npm/package-json.html
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ <h3 id="license">license</h3>
<p>You can check <a href="https://spdx.org/licenses/">the full list of SPDX license
IDs</a>. Ideally you should pick one that is
<a href="https://opensource.org/licenses/alphabetical">OSI</a> approved.</p>
<p>If your package is licensed under multiple common licenses, use an <a href="https://www.npmjs.com/package/spdx">SPDX
<p>If your package is licensed under multiple common licenses, use an <a href="https://spdx.dev/specifications/">SPDX
license expression syntax version 2.0
string</a>, like this:</p>
<pre lang="json"><code>{
Expand Down
Loading

0 comments on commit e6baa8a

Please sign in to comment.