npm-utils - npm Package Compare versions

Comparing version 1.14.1 to 2.0.0

package.json

 {
   "name": "npm-utils",
   "description": "Async NPM shell commands",
-  "version": "1.14.1",
+  "version": "2.0.0",
   "author": "Gleb Bahmutov <gleb.bahmutov@gmail.com>",
@@ -33,13 +33,14 @@ "bin": {
     "chdir-promise": "0.4.1",
-    "check-more-types": "2.23.0",
-    "cross-spawn": "5.0.1",
-    "debug": "2.3.3",
+    "check-more-types": "2.24.0",
+    "cross-spawn": "5.1.0",
+    "debug": "2.6.8",
     "del": "2.2.2",
-    "ggit": "1.13.4",
-    "lazy-ass": "1.5.0",
-    "local-or-home-npmrc": "github:bahmutov/local-or-home-npmrc",
+    "execa": "0.7.0",
+    "ggit": "1.23.0",
+    "lazy-ass": "1.6.0",
+    "local-or-home-npmrc": "1.1.0",
     "q": "2.0.3",
     "registry-url": "3.1.0",
-    "repo-url": "1.0.0",
-    "verbal-expressions": "0.2.1"
+    "repo-url": "1.0.1",
+    "verbal-expressions": "0.3.0"
   },
@@ -50,18 +51,20 @@ "devDependencies": {
     "git-issues": "1.3.1",
-    "github-post-release": "1.7.1",
+    "github-post-release": "1.12.1",
     "grunt": "0.4.5",
     "grunt-bump": "0.8.0",
     "grunt-cli": "1.2.0",
-    "grunt-complexity": "0.3.0",
+    "grunt-complexity": "0.4.0",
     "grunt-filenames": "0.4.0",
-    "grunt-nice-package": "0.10.3",
+    "grunt-nice-package": "0.10.4",
     "gt": "0.10.0",
     "matchdep": "1.0.1",
     "mocha": "3.4.2",
-    "pkgfiles": "2.3.0",
-    "pre-git": "3.12.0",
-    "proxyquire": "1.7.10",
+    "next-update-travis": "1.5.2",
+    "pkgfiles": "2.3.2",
+    "pre-git": "3.15.0",
+    "proxyquire": "1.8.0",
     "semantic-release": "6.3.6",
     "standard": "8.6.0",
-    "temp": "0.8.3"
+    "temp": "0.8.3",
+    "tmp-sync": "1.1.2"
   },
@@ -106,4 +109,4 @@ "engines": {
     "test": "gt src/test/*.js --output",
-    "unit": "mocha src/*-spec.js"
+    "unit": "mocha --timeout 30000 src/*-spec.js"
   }
 }

README.md

@@ -14,2 +14,3 @@ # npm-utils
 [![manpm](https://img.shields.io/badge/manpm-%E2%9C%93-3399ff.svg)](https://github.com/bahmutov/manpm)
+[![next-update-travis badge][badge]][readme]
 
@@ -218,3 +219,3 @@ ## Use
 [npm-utils-ci-image]: https://secure.travis-ci.org/bahmutov/npm-utils.svg?branch=master
-[npm-utils-ci-url]: http://travis-ci.org/#!/bahmutov/npm-utils
+[npm-utils-ci-url]: https://travis-ci.org/bahmutov/npm-utils
 [dependencies-image]: https://david-dm.org/bahmutov/npm-utils.svg
@@ -228,1 +229,3 @@ [dependencies-url]: https://david-dm.org/bahmutov/npm-utils
 [semantic-url]: https://github.com/semantic-release/semantic-release
+[badge]: https://img.shields.io/badge/next--update--travis-%E2%9C%94%EF%B8%8F-green.svg
+[readme]: https://github.com/bahmutov/next-update-travis#readme

src/set-auth-token-spec.js

@@ -6,2 +6,3 @@ var fs = require('fs')
 const chdir = require('chdir-promise')
+const la = require('lazy-ass')
 
@@ -57,5 +58,22 @@ temp.track()
         console.log(npmrcContents)
+        la(npmrcContents.includes('//npm.example.com/:_authToken='))
       })
   })
+
+  it('sets the authentication token based on publishConfig URL', function () {
+    var customRegistry = 'https://npm.example.com/'
+    var npmrcPath = path.join(dirPath, '.npmrc')
+    var packagePath = path.join(dirPath, 'package.json')
+
+    fs.writeFileSync(npmrcPath, '@myco:registry=' + customRegistry, { encoding: 'utf8' })
+    fs.writeFileSync(packagePath, '{ "name": "@myco/test-package", "publishConfig": { "registry": "https://private.example.com/" } }', { encoding: 'utf8' })
+
+    return setAuthToken()
+      .then(function () {
+        var npmrcContents = fs.readFileSync(npmrcPath, 'utf8')
+        console.log(npmrcContents)
+        la(npmrcContents.includes('//private.example.com/:_authToken='))
+      })
+  })
 })
 

src/set-auth-token.js

@@ -38,7 +38,20 @@ 'use strict'
   var cwd = process.cwd()
-  var packageName = getPackage(cwd).name
+  var packageContents = getPackage(cwd)
+  var packageName = packageContents.name
   debug('package %s in folder %s', packageName, cwd)
 
-  var scope = packageName.split('/')[0]
-  var registry = registryUrl(scope)
+  // If set, prefer the value of the `packageConfig.registry` property over the value of the registry as set
+  // in the user's `.npmrc` file.
+  // In one scenario, a package may fetch its dependencies from a virtual registry that is an overlay of a private
+  // registry over the public npm registry. Yet, that package is configured to publish directly to the private registry
+  // URL. To account for this scenario we need to get the value of the private registry URL and configure it within
+  // the `.npmrc` file.
+  var registry
+  if (packageContents.publishConfig && packageContents.publishConfig.registry) {
+    registry = packageContents.publishConfig.registry
+  } else {
+    var scope = packageName.split('/')[0]
+    registry = registryUrl(scope)
+  }
+
   console.log('setting auth token for registry', registry)
@@ -45,0 +58,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

29897

increased by12.53%

Number of package files

21

increased by5%

Lines of code

676

increased by13.61%

Number of lines in readme file

229

increased by1.33%

Number of high supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dependency count

13

increased by8.33%

Dev dependency count

21

increased by10.53%

Dependency changes

• + Addedexeca@0.7.0

• + Addedalways-error@1.0.0(transitive)

• + Addedansi-regex@2.1.1(transitive)

• + Addedaproba@1.2.0(transitive)

• + Addedare-we-there-yet@1.1.7(transitive)

• + Addedbluebird@3.5.0(transitive)

• + Addedbuffer-from@1.1.2(transitive)

• + Addedbuiltins@1.0.3(transitive)

• + Addedcode-point-at@1.1.0(transitive)

• + Addedcommander@2.11.0(transitive)

• + Addedconcat-stream@1.6.2(transitive)

• + Addedcore-util-is@1.0.3(transitive)

• + Addedcross-spawn@5.1.0(transitive)

• + Addeddelegates@1.0.0(transitive)

• + Addedexeca@0.7.0(transitive)

• + Addedfind-up@2.1.0(transitive)

• + Addedfunction-bind@1.1.2(transitive)

• + Addedgauge@2.7.4(transitive)

• + Addedget-stream@3.0.0(transitive)

• + Addedggit@1.23.0(transitive)

• + Addedglob@7.1.2(transitive)

• + Addedgraceful-fs@4.2.11(transitive)

• + Addedhasown@2.0.2(transitive)

• + Addedhosted-git-info@2.8.9(transitive)

• + Addedis-core-module@2.15.1(transitive)

• + Addedis-fullwidth-code-point@1.0.0(transitive)

• + Addedis-stream@1.1.0(transitive)

• + Addedisarray@1.0.0(transitive)

• + Addedlocal-or-home-npmrc@1.1.0(transitive)

• + Addedlocate-path@2.0.0(transitive)

• + Addedmoment@2.18.1(transitive)

• + Addednormalize-package-data@2.5.0(transitive)

• + Addednpm-package-arg@6.1.1(transitive)

• + Addednpm-registry-client@8.6.0(transitive)

• + Addednpm-run-path@2.0.2(transitive)

• + Addednpmlog@4.1.2(transitive)

• + Addednumber-is-nan@1.0.1(transitive)

• + Addedos-homedir@1.0.2(transitive)

• + Addedos-tmpdir@1.0.2(transitive)

• + Addedosenv@0.1.5(transitive)

• + Addedp-finally@1.0.0(transitive)

• + Addedp-limit@1.3.0(transitive)

• + Addedp-locate@2.0.0(transitive)

• + Addedp-try@1.0.0(transitive)

• + Addedpath-exists@3.0.0(transitive)

• + Addedpath-key@2.0.1(transitive)

• + Addedpath-parse@1.0.7(transitive)

• + Addedpkg-dir@2.0.0(transitive)

• + Addedpluralize@5.0.0(transitive)

• + Addedprocess-nextick-args@2.0.1(transitive)

• + Addedpsl@1.15.0(transitive)

• + Addedramda@0.24.1(transitive)

• + Addedreadable-stream@2.3.8(transitive)

• + Addedrepo-url@1.0.1(transitive)

• + Addedresolve@1.22.8(transitive)

• + Addedretry@0.10.1(transitive)

• + Addedsafe-buffer@5.1.2(transitive)

• + Addedsemver@5.3.05.7.2(transitive)

• + Addedsignal-exit@3.0.7(transitive)

• + Addedsilent-npm-registry-client@3.0.0(transitive)

• + Addedspdx-correct@3.2.0(transitive)

• + Addedspdx-exceptions@2.5.0(transitive)

• + Addedspdx-expression-parse@3.0.1(transitive)

• + Addedspdx-license-ids@3.0.20(transitive)

• + Addedssri@5.3.0(transitive)

• + Addedstring-width@1.0.2(transitive)

• + Addedstring_decoder@1.1.1(transitive)

• + Addedstrip-ansi@3.0.1(transitive)

• + Addedstrip-eof@1.0.0(transitive)

• + Addedsupports-preserve-symlinks-flag@1.0.0(transitive)

• + Addedtypedarray@0.0.6(transitive)

• + Addeduser-home@2.0.0(transitive)

• + Addedutil-deprecate@1.0.2(transitive)

• + Addedvalidate-npm-package-license@3.0.4(transitive)

• + Addedvalidate-npm-package-name@3.0.0(transitive)

• + Addedverbal-expressions@0.3.0(transitive)

• + Addedxtend@4.0.2(transitive)

• - Removedansi-regex@5.0.1(transitive)

• - Removedaproba@2.0.0(transitive)

• - Removedare-we-there-yet@4.0.2(transitive)

• - Removedbluebird@3.4.6(transitive)

• - Removedchdir-promise@0.4.0(transitive)

• - Removedcheck-more-types@2.23.0(transitive)

• - Removedchownr@0.0.2(transitive)

• - Removedcolor-support@1.1.3(transitive)

• - Removedcommander@2.9.0(transitive)

• - Removedcouch-login@0.1.20(transitive)

• - Removedcross-spawn@5.0.1(transitive)

• - Removeddebug@2.3.3(transitive)

• - Removedemoji-regex@8.0.0(transitive)

• - Removedforeach@2.0.6(transitive)

• - Removedgauge@5.0.2(transitive)

• - Removedggit@1.13.4(transitive)

• - Removedglob@7.1.1(transitive)

• - Removedgraceful-fs@2.0.3(transitive)

• - Removedgraceful-readlink@1.0.1(transitive)

• - Removedindexof@0.0.1(transitive)

• - Removedis@0.2.7(transitive)

• - Removedis-fullwidth-code-point@3.0.0(transitive)

• - Removedis-object@0.1.2(transitive)

• - Removedlazy-ass@1.5.0(transitive)

• - Removedmkdirp@0.3.5(transitive)

• - Removedmoment@2.17.0(transitive)

• - Removedms@0.7.2(transitive)

• - Removednpm-registry-client@0.2.31(transitive)

• - Removednpmlog@7.0.1(transitive)

• - Removedobject-keys@0.2.0(transitive)

• - Removedpsl@1.14.0(transitive)

• - Removedq@1.1.2(transitive)

• - Removedramda@0.9.1(transitive)

• - Removedrepo-url@1.0.0(transitive)

• - Removedretry@0.6.0(transitive)

• - Removedsemver@2.3.2(transitive)

• - Removedsignal-exit@4.1.0(transitive)

• - Removedsilent-npm-registry-client@0.0.0(transitive)

• - Removedspots@0.4.0(transitive)

• - Removedstring-width@4.2.3(transitive)

• - Removedstrip-ansi@6.0.1(transitive)

• - Removedverbal-expressions@0.2.1(transitive)

• - Removedxtend@2.0.6(transitive)

• Updatedcheck-more-types@2.24.0

• Updatedcross-spawn@5.1.0

• Updateddebug@2.6.8

• Updatedggit@1.23.0

• Updatedlazy-ass@1.6.0

• Updatedlocal-or-home-npmrc@1.1.0

• Updatedrepo-url@1.0.1

• Updatedverbal-expressions@0.3.0