Create a new pull request by comparing changes across two branches

.release-please-manifest.json

@@ -1,15 +1,15 @@
 {
-  ".": "10.9.0",
-  "workspaces/arborist": "8.0.0",
-  "workspaces/libnpmaccess": "9.0.0",
-  "workspaces/libnpmdiff": "7.0.0",
-  "workspaces/libnpmexec": "9.0.0",
-  "workspaces/libnpmfund": "6.0.0",
-  "workspaces/libnpmorg": "7.0.0",
-  "workspaces/libnpmpack": "8.0.0",
-  "workspaces/libnpmpublish": "10.0.0",
-  "workspaces/libnpmsearch": "8.0.0",
-  "workspaces/libnpmteam": "7.0.0",
-  "workspaces/libnpmversion": "7.0.0",
-  "workspaces/config": "9.0.0"
+  ".": "11.0.0",
+  "workspaces/arborist": "9.0.0",
+  "workspaces/libnpmaccess": "10.0.0",
+  "workspaces/libnpmdiff": "8.0.0",
+  "workspaces/libnpmexec": "10.0.0",
+  "workspaces/libnpmfund": "7.0.0",
+  "workspaces/libnpmorg": "8.0.0",
+  "workspaces/libnpmpack": "9.0.0",
+  "workspaces/libnpmpublish": "11.0.0",
+  "workspaces/libnpmsearch": "9.0.0",
+  "workspaces/libnpmteam": "8.0.0",
+  "workspaces/libnpmversion": "8.0.0",
+  "workspaces/config": "10.0.0"
 }

AUTHORS

@@ -949,3 +949,6 @@ Sonny <[email protected]>
 Alessandro Diez <[email protected]>
 Rhys Evans <[email protected]>
 reggi <[email protected]>
+btea <[email protected]>
+Sander Aalbers <[email protected]>
+Chris Sidi <[email protected]>

DEPENDENCIES.json

@@ -2,15 +2,10 @@
   [
     "npm"
   ],
-  [
-    "@npmcli/smoke-tests",
-    "libnpmaccess",
-    "libnpmexec",
-    "libnpmpublish"
-  ],
   [
     "@npmcli/mock-registry",
     "libnpmdiff",
+    "libnpmexec",
     "libnpmfund",
     "libnpmpack"
   ],
@@ -26,9 +21,11 @@
     "libnpmversion"
   ],
   [
-    "@npmcli/map-workspaces",
     "@npmcli/run-script",
+    "@npmcli/map-workspaces",
+    "libnpmaccess",
     "libnpmorg",
+    "libnpmpublish",
     "libnpmsearch",
     "libnpmteam",
     "init-package-json",
@@ -43,47 +40,48 @@
     "make-fetch-happen"
   ],
   [
-    "@npmcli/installed-package-contents",
+    "@npmcli/smoke-tests",
     "npm-pick-manifest",
+    "@npmcli/installed-package-contents",
     "cacache",
     "promzard"
   ],
   [
     "@npmcli/docs",
-    "@npmcli/fs",
-    "npm-bundled",
-    "npm-install-checks",
     "npm-package-arg",
+    "@npmcli/promise-spawn",
+    "npm-install-checks",
+    "npm-bundled",
     "normalize-package-data",
+    "@npmcli/fs",
     "unique-filename",
     "npm-packlist",
+    "@npmcli/mock-globals",
     "bin-links",
     "nopt",
     "parse-conflict-json",
     "read-package-json-fast",
-    "@npmcli/mock-globals",
     "read"
   ],
   [
     "@npmcli/eslint-config",
     "@npmcli/template-oss",
     "ignore-walk",
     "semver",
-    "npm-normalize-package-bin",
-    "@npmcli/name-from-folder",
-    "@npmcli/promise-spawn",
-    "ini",
     "hosted-git-info",
     "proc-log",
     "validate-npm-package-name",
+    "which",
+    "ini",
+    "npm-normalize-package-bin",
     "json-parse-even-better-errors",
-    "fs-minipass",
+    "@npmcli/node-gyp",
     "ssri",
     "unique-slug",
-    "@npmcli/node-gyp",
     "@npmcli/redact",
     "@npmcli/agent",
     "minipass-fetch",
+    "@npmcli/name-from-folder",
     "@npmcli/query",
     "cmd-shim",
     "read-cmd-shim",

DEPENDENCIES.md

@@ -8,7 +8,6 @@ graph LR;
   bin-links-->proc-log;
   bin-links-->read-cmd-shim;
   bin-links-->write-file-atomic;
-  cacache-->fs-minipass;
   cacache-->npmcli-fs["@npmcli/fs"];
   cacache-->ssri;
   cacache-->unique-filename;
@@ -86,7 +85,6 @@ graph LR;
   normalize-package-data-->semver;
   npm-->abbrev;
   npm-->cacache;
-  npm-->fs-minipass;
   npm-->hosted-git-info;
   npm-->ini;
   npm-->init-package-json;
@@ -134,6 +132,7 @@ graph LR;
   npm-->semver;
   npm-->ssri;
   npm-->validate-npm-package-name;
+  npm-->which;
   npm-bundled-->npm-normalize-package-bin;
   npm-install-checks-->semver;
   npm-package-arg-->hosted-git-info;
@@ -166,6 +165,7 @@ graph LR;
   npmcli-arborist-->npmcli-installed-package-contents["@npmcli/installed-package-contents"];
   npmcli-arborist-->npmcli-map-workspaces["@npmcli/map-workspaces"];
   npmcli-arborist-->npmcli-metavuln-calculator["@npmcli/metavuln-calculator"];
+  npmcli-arborist-->npmcli-mock-registry["@npmcli/mock-registry"];
   npmcli-arborist-->npmcli-name-from-folder["@npmcli/name-from-folder"];
   npmcli-arborist-->npmcli-node-gyp["@npmcli/node-gyp"];
   npmcli-arborist-->npmcli-package-json["@npmcli/package-json"];
@@ -199,6 +199,7 @@ graph LR;
   npmcli-git-->npmcli-promise-spawn["@npmcli/promise-spawn"];
   npmcli-git-->proc-log;
   npmcli-git-->semver;
+  npmcli-git-->which;
   npmcli-installed-package-contents-->npm-bundled;
   npmcli-installed-package-contents-->npm-normalize-package-bin;
   npmcli-map-workspaces-->npmcli-name-from-folder["@npmcli/name-from-folder"];
@@ -221,16 +222,18 @@ graph LR;
   npmcli-package-json-->npmcli-git["@npmcli/git"];
   npmcli-package-json-->proc-log;
   npmcli-package-json-->semver;
+  npmcli-promise-spawn-->which;
   npmcli-run-script-->npmcli-node-gyp["@npmcli/node-gyp"];
   npmcli-run-script-->npmcli-package-json["@npmcli/package-json"];
   npmcli-run-script-->npmcli-promise-spawn["@npmcli/promise-spawn"];
   npmcli-run-script-->proc-log;
+  npmcli-run-script-->which;
   npmcli-smoke-tests-->npmcli-eslint-config["@npmcli/eslint-config"];
   npmcli-smoke-tests-->npmcli-mock-registry["@npmcli/mock-registry"];
   npmcli-smoke-tests-->npmcli-promise-spawn["@npmcli/promise-spawn"];
   npmcli-smoke-tests-->npmcli-template-oss["@npmcli/template-oss"];
+  npmcli-smoke-tests-->which;
   pacote-->cacache;
-  pacote-->fs-minipass;
   pacote-->npm-package-arg;
   pacote-->npm-packlist;
   pacote-->npm-pick-manifest;
@@ -253,9 +256,6 @@ graph LR;
 ## all dependencies
 ```mermaid
 graph LR;
-  agent-base-->debug;
-  aggregate-error-->clean-stack;
-  aggregate-error-->indent-string;
   bin-links-->cmd-shim;
   bin-links-->npm-normalize-package-bin;
   bin-links-->proc-log;
@@ -407,7 +407,6 @@ graph LR;
   libnpmversion-->tap;
   make-fetch-happen-->cacache;
   make-fetch-happen-->http-cache-semantics;
-  make-fetch-happen-->is-lambda;
   make-fetch-happen-->minipass-fetch;
   make-fetch-happen-->minipass-flush;
   make-fetch-happen-->minipass-pipeline;
@@ -429,7 +428,6 @@ graph LR;
   minipass-sized-->minipass;
   minizlib-->minipass;
   minizlib-->rimraf;
-  minizlib-->yallist;
   node-gyp-->env-paths;
   node-gyp-->exponential-backoff;
   node-gyp-->glob;
@@ -578,6 +576,7 @@ graph LR;
   npmcli-arborist-->npmcli-installed-package-contents["@npmcli/installed-package-contents"];
   npmcli-arborist-->npmcli-map-workspaces["@npmcli/map-workspaces"];
   npmcli-arborist-->npmcli-metavuln-calculator["@npmcli/metavuln-calculator"];
+  npmcli-arborist-->npmcli-mock-registry["@npmcli/mock-registry"];
   npmcli-arborist-->npmcli-name-from-folder["@npmcli/name-from-folder"];
   npmcli-arborist-->npmcli-node-gyp["@npmcli/node-gyp"];
   npmcli-arborist-->npmcli-package-json["@npmcli/package-json"];
@@ -680,7 +679,6 @@ graph LR;
   npmcli-smoke-tests-->proxy;
   npmcli-smoke-tests-->tap;
   npmcli-smoke-tests-->which;
-  p-map-->aggregate-error;
   pacote-->cacache;
   pacote-->fs-minipass;
   pacote-->minipass;
@@ -777,14 +775,13 @@ Each group depends on packages lower down the chain, nothing depends on
 packages higher up the chain.
 
  - npm
- - @npmcli/smoke-tests, libnpmaccess, libnpmexec, libnpmpublish
- - @npmcli/mock-registry, libnpmdiff, libnpmfund, libnpmpack
+ - @npmcli/mock-registry, libnpmdiff, libnpmexec, libnpmfund, libnpmpack
  - @npmcli/arborist
  - @npmcli/metavuln-calculator
  - pacote, @npmcli/config, libnpmversion
- - @npmcli/map-workspaces, @npmcli/run-script, libnpmorg, libnpmsearch, libnpmteam, init-package-json, npm-profile
+ - @npmcli/run-script, @npmcli/map-workspaces, libnpmaccess, libnpmorg, libnpmpublish, libnpmsearch, libnpmteam, init-package-json, npm-profile
  - @npmcli/package-json, npm-registry-fetch
  - @npmcli/git, make-fetch-happen
- - @npmcli/installed-package-contents, npm-pick-manifest, cacache, promzard
- - @npmcli/docs, @npmcli/fs, npm-bundled, npm-install-checks, npm-package-arg, normalize-package-data, unique-filename, npm-packlist, bin-links, nopt, parse-conflict-json, read-package-json-fast, @npmcli/mock-globals, read
- - @npmcli/eslint-config, @npmcli/template-oss, ignore-walk, semver, npm-normalize-package-bin, @npmcli/name-from-folder, @npmcli/promise-spawn, ini, hosted-git-info, proc-log, validate-npm-package-name, json-parse-even-better-errors, fs-minipass, ssri, unique-slug, @npmcli/node-gyp, @npmcli/redact, @npmcli/agent, minipass-fetch, @npmcli/query, cmd-shim, read-cmd-shim, write-file-atomic, abbrev, proggy, minify-registry-metadata, mute-stream, npm-audit-report, npm-user-validate
+ - @npmcli/smoke-tests, npm-pick-manifest, @npmcli/installed-package-contents, cacache, promzard
+ - @npmcli/docs, npm-package-arg, @npmcli/promise-spawn, npm-install-checks, npm-bundled, normalize-package-data, @npmcli/fs, unique-filename, npm-packlist, @npmcli/mock-globals, bin-links, nopt, parse-conflict-json, read-package-json-fast, read
+ - @npmcli/eslint-config, @npmcli/template-oss, ignore-walk, semver, hosted-git-info, proc-log, validate-npm-package-name, which, ini, npm-normalize-package-bin, json-parse-even-better-errors, @npmcli/node-gyp, ssri, unique-slug, @npmcli/redact, @npmcli/agent, minipass-fetch, @npmcli/name-from-folder, @npmcli/query, cmd-shim, read-cmd-shim, write-file-atomic, abbrev, proggy, minify-registry-metadata, mute-stream, npm-audit-report, npm-user-validate

docs/lib/content/commands/npm-ls.md

@@ -39,34 +39,6 @@ dependencies, not the physical layout of your `node_modules` folder.
 
 When run as `ll` or `la`, it shows extended information by default.
 
-### Note: Design Changes Pending
-
-The `npm ls` command's output and behavior made a _ton_ of sense when npm
-created a `node_modules` folder that naively nested every dependency.  In
-such a case, the logical dependency graph and physical tree of packages on
-disk would be roughly identical.
-
-With the advent of automatic install-time deduplication of dependencies in
-npm v3, the `ls` output was modified to display the logical dependency
-graph as a tree structure, since this was more useful to most users.
-However, without using `npm ls -l`, it became impossible to show _where_ a
-package was actually installed much of the time!
-
-With the advent of automatic installation of `peerDependencies` in npm v7,
-this gets even more curious, as `peerDependencies` are logically
-"underneath" their dependents in the dependency graph, but are always
-physically at or above their location on disk.
-
-Also, in the years since npm got an `ls` command (in version 0.0.2!),
-dependency graphs have gotten much larger as a general rule.  Therefore, in
-order to avoid dumping an excessive amount of content to the terminal, `npm
-ls` now only shows the _top_ level dependencies, unless `--all` is
-provided.
-
-A thorough re-examination of the use cases, intention, behavior, and output
-of this command, is currently underway.  Expect significant changes to at
-least the default human-readable `npm ls` output in npm v8.
-
 ### Configuration
 
 <!-- AUTOGENERATED CONFIG DESCRIPTIONS -->

docs/lib/content/commands/npm-publish.md

@@ -83,6 +83,9 @@ See [`developers`](/using-npm/developers) for full details on what's
 included in the published package, as well as details on how the package is
 built.
 
+See [`package.json`](/configuring-npm/package-json) for more info on
+what can and can't be ignored.
+
 ### Configuration
 
 <!-- AUTOGENERATED CONFIG DESCRIPTIONS -->

docs/lib/content/configuring-npm/npmrc.md

@@ -103,7 +103,7 @@ The full list is:
  - `username`
  - `_password`
  - `email`
- - `certfile` (path to certificate file)
+ - `cafile` (path to certificate authority file)
  - `keyfile` (path to key file)
 
 In order to scope these values, they must be prefixed by a URI fragment.

docs/lib/content/configuring-npm/package-json.md

@@ -324,6 +324,7 @@ Some files are always ignored by default:
   if you wish it to be published)
 * `pnpm-lock.yaml`
 * `yarn.lock`
+* `bun.lockb`
 
 Most of these ignored files can be included specifically if included in
 the `files` globs.  Exceptions to this are:
@@ -334,6 +335,7 @@ the `files` globs.  Exceptions to this are:
 * `package-lock.json`
 * `pnpm-lock.yaml`
 * `yarn.lock`
+* `bun.lockb`
 
 These can not be included.
 

docs/lib/content/using-npm/developers.md

@@ -112,8 +112,8 @@ as `.gitignore` files:
 * You can end patterns with a forward slash `/` to specify a directory.
 * You can negate a pattern by starting it with an exclamation point `!`.
 
-By default, the following paths and files are ignored, so there's no
-need to add them to `.npmignore` explicitly:
+By default, some paths and files are ignored, so there's no
+need to add them to `.npmignore` explicitly. Some examples are:
 
 * `.*.swp`
 * `._*`
@@ -148,6 +148,9 @@ property of `package.json`, which is an array of file or directory names
 that should be included in your package. Sometimes manually picking
 which items to allow is easier to manage than building a block list.
 
+See [`package.json`](/configuring-npm/package-json) for more info on
+what can and can't be ignored.
+
 #### Testing whether your `.npmignore` or `files` config works
 
 If you want to double check that your package will include only the files

docs/package.json

@@ -23,7 +23,7 @@
   "devDependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
     "@npmcli/eslint-config": "^5.0.1",
-    "@npmcli/template-oss": "4.23.3",
+    "@npmcli/template-oss": "4.23.6",
     "front-matter": "^4.0.2",
     "ignore-walk": "^7.0.0",
     "jsdom": "^24.0.0",
@@ -56,7 +56,7 @@
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
     "ciVersions": "latest",
-    "version": "4.23.3",
+    "version": "4.23.6",
     "content": "../scripts/template-oss/index.js",
     "workspaceRepo": {
       "add": {

lib/cli.js

@@ -1,3 +1,11 @@
+try {
+  const { enableCompileCache } = require('node:module')
+  /* istanbul ignore next */
+  if (enableCompileCache) {
+    enableCompileCache()
+  }
+} catch (e) { /* istanbul ignore next */ }
+
 const validateEngines = require('./cli/validate-engines.js')
 const cliEntry = require('node:path').resolve(__dirname, 'cli/entry.js')
 

lib/commands/deprecate.js

@@ -1,4 +1,4 @@
-const fetch = require('npm-registry-fetch')
+const npmFetch = require('npm-registry-fetch')
 const { otplease } = require('../utils/auth.js')
 const npa = require('npm-package-arg')
 const { log } = require('proc-log')
@@ -47,7 +47,7 @@ class Deprecate extends BaseCommand {
     }
 
     const uri = '/' + p.escapedName
-    const packument = await fetch.json(uri, {
+    const packument = await npmFetch.json(uri, {
       ...this.npm.flatOptions,
       spec: p,
       query: { write: true },
@@ -60,7 +60,7 @@ class Deprecate extends BaseCommand {
       for (const v of versions) {
         packument.versions[v].deprecated = msg
       }
-      return otplease(this.npm, this.npm.flatOptions, opts => fetch(uri, {
+      return otplease(this.npm, this.npm.flatOptions, opts => npmFetch(uri, {
         ...opts,
         spec: p,
         method: 'PUT',