[pull] latest from npm:latest#14
Open
pull[bot] wants to merge 737 commits intoGraybar-codespace:latestfrom
Open
[pull] latest from npm:latest#14pull[bot] wants to merge 737 commits intoGraybar-codespace:latestfrom
pull[bot] wants to merge 737 commits intoGraybar-codespace:latestfrom
Conversation
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
The pull request #14 has too many files changed.
We can only review pull requests with up to 300 changed files, and this pull request has 587.
owlstronaut
force-pushed
the
latest
branch
2 times, most recently
from
85ec0c9 to
26b6454
Compare
Lint left over from #8645
In context this isn't a big deal, the extra slash is usually an artifact of path and url parsing. Linting will not warn about this now though.
The `C` parameter only informs tar where to read from, not where to write to, evidently.
- constructor logic was consolidated. It takes place in the main Arborist constructor when possible, allowing us to see all of the constructor at once and find any duplications or problems. It's evident that our approach to options/this.options needs some attention. - Some small single-use methods were inlined into the code that called them. In many cases this prevented re-pulling variables from `this`. - remove unused param from call to `#linkFromSpec`. The function is not expecting a fourth parameter. - remove unused private attributes, `#dryRun` and `#savePrefix` are not used anymore
Fixes [#8684](#8684) ### What / Why When running `npm token create`, the created authentication token was being redacted in the output, making it difficult for users to copy and use the token. This happened because npm's output system automatically applies redaction to sensitive information like tokens. ### How - Import `META` from `proc-log` to access output metadata options - Use `{ [META]: true, redact: false }` option in `output.standard()` to disable redaction for the token display line - This follows the established pattern used in other parts of the codebase (e.g., `lib/utils/open-url.js`) for displaying sensitive information that users need to see ### Testing - All existing tests pass - The fix preserves the existing output format and test expectations - Token is now displayed in full while maintaining proper formatting and colors ### Before Created publish token npm_*** ### After Created publish token npm_1a2b3c4d5e6f7g8h9i0j The token can now be copied and used directly without being obscured by npm's redaction system. Co-authored-by: Max Black <husivm@google.com>
Reordered one of the lines ("Actual:") of output of `EBADENGINE` error
in order to align it with the previous like ("Required"). The output is
now easier to comprehend.
Before the change (note 2 last lines):
```sh
$ npm i
npm error code EBADENGINE
npm error engine Unsupported engine
npm error engine Not compatible with your version of node/npm: undefined
npm error notsup Not compatible with your version of node/npm: undefined
npm error notsup Required: {"node":">=22.21.0 <23.0.0","npm":">=10.0.0"}
npm error notsup Actual: {"npm":"10.8.2","node":"v20.19.5"}
```
After the change:
```sh
[…]
npm error notsup Required: {"node":">=22.21.0 <23.0.0","npm":">=10.0.0"}
npm error notsup Actual: {"node":"v20.19.5","npm":"10.8.2"}
```
Co-authored-by: Piotr D <piotr.delinowski@baxenergy.com>
We build a virtual tree from the lockfile before we build the ideal tree so that we can compare the two and error if package.json differs from what was used to build the lockfile. The virtual tree includes optional deps in it that would otherwise be ignored when building the ideal tree. In order not to have `npm ci` fail in this situation we need to build the virtual tree separately, and start clean when building the ideal tree. This also brings in a few linting fixups.
# fix: clear exclusive sibling configs from env when one is set via CLI ## What's the problem? If you set an exclusive param via CLI (e.g. `--save-prod`) but a sibling (`npm_config_save_dev=true`) is already in the environment, child processes inherit both and crash with a conflict. This was also the root cause of the `--min-release-age` + `--before` issue in #9005. ## What changed When `setEnvs` exports a non-default exclusive config, it now resets that param's siblings to their defaults in the env — so child processes never see a conflict. Works generically for all exclusive pairs, not just this one. ## Tests Added a test for the case where `save-prod` is set via CLI while `save-dev` is already in env — verifies `save-dev` gets reset to its default. ## References Fixes #9005
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )