npm - npm Package Compare versions

Comparing version 10.2.5 to 10.3.0

docs/content/commands/npm-install-test.md

@@ -293,2 +293,12 @@ ---
 
+#### `libc`
+
+* Default: null
+* Type: null or String
+
+Override libc of native modules to install. Acceptable values are same as
+`libc` field of package.json
+
+
+
 #### `workspace`
@@ -295,0 +305,0 @@

docs/content/commands/npm-install.md

@@ -683,2 +683,12 @@ ---
 
+#### `libc`
+
+* Default: null
+* Type: null or String
+
+Override libc of native modules to install. Acceptable values are same as
+`libc` field of package.json
+
+
+
 #### `workspace`
@@ -685,0 +695,0 @@

docs/content/commands/npm-ls.md

@@ -30,3 +30,3 @@ ---
 ```bash
-npm@10.2.5 /path/to/npm
+npm@10.3.0 /path/to/npm
 └─┬ init-package-json@0.0.4
@@ -33,0 +33,0 @@ └── promzard@0.1.5

docs/content/commands/npm-publish.md

@@ -25,3 +25,3 @@ ---
 A `package` is interpreted the same way as other commands (like
-`npm install` and can be:
+`npm install`) and can be:
 
@@ -28,0 +28,0 @@ * a) a folder containing a program described by a

docs/content/commands/npm.md

@@ -17,3 +17,3 @@ ---
 
-10.2.5
+10.3.0
 
@@ -20,0 +20,0 @@ ### Description

docs/content/commands/npx.md

@@ -153,3 +153,4 @@ ---
   with.
-- The `--node-arg` and `-n` options are removed.
+- The `--node-arg` and `-n` options have been removed. Use [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions) instead: e.g., 
+ `NODE_OPTIONS="--trace-warnings --trace-exit" npx foo --random=true`
 - The `--always-spawn` option is redundant, and thus removed.
@@ -156,0 +157,0 @@ - The `--shell` option is replaced with `--script-shell`, but maintained

docs/content/configuring-npm/npmrc.md

@@ -22,6 +22,6 @@ ---
 
-* per-project config file (/path/to/my/project/.npmrc)
-* per-user config file (~/.npmrc)
-* global config file ($PREFIX/etc/npmrc)
-* npm builtin config file (/path/to/npm/npmrc)
+* per-project config file (`/path/to/my/project/.npmrc`)
+* per-user config file (`~/.npmrc`)
+* global config file (`$PREFIX/etc/npmrc`)
+* npm builtin config file (`/path/to/npm/npmrc`)
 
@@ -28,0 +28,0 @@ All npm config files are an ini-formatted list of `key = value` parameters.

docs/content/configuring-npm/package-json.md

@@ -301,3 +301,2 @@ ---
 * `.git`
-* `.npmrc`
 * `.hg`
@@ -304,0 +303,0 @@ * `.lock-wscript`

docs/content/using-npm/config.md

@@ -858,2 +858,12 @@ ---
 
+#### `libc`
+
+* Default: null
+* Type: null or String
+
+Override libc of native modules to install. Acceptable values are same as
+`libc` field of package.json
+
+
+
 #### `link`
@@ -860,0 +870,0 @@

lib/commands/install.js

@@ -40,2 +40,3 @@ /* eslint-disable camelcase */
     'os',
+    'libc',
     ...super.params,
@@ -42,0 +43,0 @@ ]

lib/commands/view.js

@@ -395,3 +395,3 @@ const columns = require('cli-columns')
       this.npm.output('')
-      this.npm.output('keywords:', chalk.yellow(info.keywords.join(', ')))
+      this.npm.output(`keywords: ${chalk.yellow(info.keywords.join(', '))}`)
     }
@@ -401,3 +401,3 @@
       this.npm.output('')
-      this.npm.output('bin:', chalk.yellow(info.bins.join(', ')))
+      this.npm.output(`bin: ${chalk.yellow(info.bins.join(', '))}`)
     }
@@ -407,6 +407,6 @@
     this.npm.output('dist')
-    this.npm.output('.tarball:', info.tarball)
-    this.npm.output('.shasum:', info.shasum)
-    info.integrity && this.npm.output('.integrity:', info.integrity)
-    info.unpackedSize && this.npm.output('.unpackedSize:', info.unpackedSize)
+    this.npm.output(`.tarball: ${info.tarball}`)
+    this.npm.output(`.shasum: ${info.shasum}`)
+    info.integrity && this.npm.output(`.integrity: ${info.integrity}`)
+    info.unpackedSize && this.npm.output(`.unpackedSize: ${info.unpackedSize}`)
 
@@ -426,3 +426,3 @@ const maxDeps = 24
       this.npm.output('maintainers:')
-      info.maintainers.forEach((u) => this.npm.output('-', u))
+      info.maintainers.forEach((u) => this.npm.output(`- ${u}`))
     }
@@ -429,0 +429,0 @@

lib/npm.js

@@ -443,3 +443,3 @@ const { resolve, dirname, join } = require('path')
     // eslint-disable-next-line no-console
-    console.log(...msg)
+    console.log(...msg.map(Display.clean))
     log.showProgress()
@@ -482,3 +482,3 @@ }
     // eslint-disable-next-line no-console
-    console.error(...msg)
+    console.error(...msg.map(Display.clean))
     log.showProgress()
@@ -485,0 +485,0 @@ }

lib/utils/display.js

@@ -6,2 +6,40 @@ const { inspect } = require('util')
 
+const originalCustomInspect = Symbol('npm.display.original.util.inspect.custom')
+
+// These are most assuredly not a mistake
+// https://eslint.org/docs/latest/rules/no-control-regex
+/* eslint-disable no-control-regex */
+// \x00 through \x1f, \x7f through \x9f, not including \x09 \x0a \x0b \x0d
+const hasC01 = /[\x00-\x08\x0c\x0e-\x1f\x7f-\x9f]/
+// Allows everything up to '[38;5;255m' in 8 bit notation
+const allowedSGR = /^\[[0-9;]{0,8}m/
+// '[38;5;255m'.length
+const sgrMaxLen = 10
+
+// Strips all ANSI C0 and C1 control characters (except for SGR up to 8 bit)
+function stripC01 (str) {
+  if (!hasC01.test(str)) {
+    return str
+  }
+  let result = ''
+  for (let i = 0; i < str.length; i++) {
+    const char = str[i]
+    const code = char.charCodeAt(0)
+    if (!hasC01.test(char)) {
+      // Most characters are in this set so continue early if we can
+      result = `${result}${char}`
+    } else if (code === 27 && allowedSGR.test(str.slice(i + 1, i + sgrMaxLen + 1))) {
+      // \x1b with allowed SGR
+      result = `${result}\x1b`
+    } else if (code <= 31) {
+      // escape all other C0 control characters besides \x7f
+      result = `${result}^${String.fromCharCode(code + 64)}`
+    } else {
+      // hasC01 ensures this is now a C1 control character or \x7f
+      result = `${result}^${String.fromCharCode(code - 64)}`
+    }
+  }
+  return result
+}
+
 class Display {
@@ -16,2 +54,53 @@ #chalk = null
 
+  static clean (output) {
+    if (typeof output === 'string') {
+      // Strings are cleaned inline
+      return stripC01(output)
+    }
+    if (!output || typeof output !== 'object') {
+      // Numbers, booleans, null all end up here and don't need cleaning
+      return output
+    }
+    // output && typeof output === 'object'
+    // We can't use hasOwn et al for detecting the original but we can use it
+    // for detecting the properties we set via defineProperty
+    if (
+      output[inspect.custom] &&
+      (!Object.hasOwn(output, originalCustomInspect))
+    ) {
+      // Save the old one if we didn't already do it.
+      Object.defineProperty(output, originalCustomInspect, {
+        value: output[inspect.custom],
+        writable: true,
+      })
+    }
+    if (!Object.hasOwn(output, originalCustomInspect)) {
+      // Put a dummy one in for when we run multiple times on the same object
+      Object.defineProperty(output, originalCustomInspect, {
+        value: function () {
+          return this
+        },
+        writable: true,
+      })
+    }
+    // Set the custom inspect to our own function
+    Object.defineProperty(output, inspect.custom, {
+      value: function () {
+        const toClean = this[originalCustomInspect]()
+        // Custom inspect can return things other than objects, check type again
+        if (typeof toClean === 'string') {
+          // Strings are cleaned inline
+          return stripC01(toClean)
+        }
+        if (!toClean || typeof toClean !== 'object') {
+          // Numbers, booleans, null all end up here and don't need cleaning
+          return toClean
+        }
+        return stripC01(inspect(toClean, { customInspect: false }))
+      },
+      writable: true,
+    })
+    return output
+  }
+
   on () {
@@ -108,3 +197,3 @@ process.on('log', this.#logHandler)
   #npmlog (level, ...args) {
-    npmlog[level](...args)
+    npmlog[level](...args.map(Display.clean))
   }
@@ -118,4 +207,4 @@
     if (level === 'warn' &&
-        heading === 'ERESOLVE' &&
-        expl && typeof expl === 'object'
+      heading === 'ERESOLVE' &&
+      expl && typeof expl === 'object'
     ) {
@@ -122,0 +211,0 @@ this.#npmlog(level, heading, message)

lib/utils/log-file.js

@@ -9,2 +9,3 @@ const os = require('os')
 const log = require('./log-shim')
+const Display = require('./display')
 
@@ -53,2 +54,3 @@ const padZero = (n, length) => n.toString().padStart(length.toString().length, '0')
       .split(/\r?\n/)
+      .map(Display.clean)
       .reduce((lines, line) =>
@@ -55,0 +57,0 @@ lines += prefix + (line ? ' ' : '') + line + os.EOL,

lib/utils/reify-output.js

@@ -79,3 +79,3 @@ // pass in an arborist object, and it'll output the data about what
     }
-    npm.output(JSON.stringify(summary, 0, 2))
+    npm.output(JSON.stringify(summary, null, 2))
   } else {
@@ -82,0 +82,0 @@ packagesChangedMessage(npm, summary)

node_modules/@npmcli/arborist/lib/arborist/reify.js

@@ -631,3 +631,3 @@ // mixin implementing the reify method
 
-    const { npmVersion, nodeVersion, cpu, os } = this.options
+    const { npmVersion, nodeVersion, cpu, os, libc } = this.options
     const p = Promise.resolve().then(async () => {
@@ -642,3 +642,3 @@ // when we reify an optional node, check the engine and platform
         checkEngine(node.package, npmVersion, nodeVersion, false)
-        checkPlatform(node.package, false, { cpu, os })
+        checkPlatform(node.package, false, { cpu, os, libc })
       }
@@ -645,0 +645,0 @@ await this[_checkBins](node)

node_modules/@npmcli/arborist/package.json

 {
   "name": "@npmcli/arborist",
-  "version": "7.2.2",
+  "version": "7.3.0",
   "description": "Manage node_modules trees",
@@ -5,0 +5,0 @@ "dependencies": {

node_modules/@npmcli/config/package.json

 {
   "name": "@npmcli/config",
-  "version": "8.0.3",
+  "version": "8.1.0",
   "files": [
@@ -5,0 +5,0 @@ "bin/",

node_modules/@npmcli/git/lib/spawn.js

@@ -5,6 +5,6 @@ const spawn = require('@npmcli/promise-spawn')
 const makeError = require('./make-error.js')
-const whichGit = require('./which.js')
 const makeOpts = require('./opts.js')
 
 module.exports = (gitArgs, opts = {}) => {
+  const whichGit = require('./which.js')
   const gitPath = whichGit(opts)
@@ -11,0 +11,0 @@

node_modules/@npmcli/git/package.json

 {
   "name": "@npmcli/git",
-  "version": "5.0.3",
+  "version": "5.0.4",
   "main": "lib/index.js",
@@ -17,3 +17,3 @@ "files": [
   "scripts": {
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "snap": "tap",
@@ -35,3 +35,3 @@ "test": "tap",
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.18.0",
+    "@npmcli/template-oss": "4.21.3",
     "npm-package-arg": "^11.0.0",
@@ -56,11 +56,5 @@ "slash": "^3.0.0",
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.18.0",
-    "publish": true,
-    "ciVersions": [
-      "16.14.0",
-      "16.x",
-      "18.0.0",
-      "18.x"
-    ]
+    "version": "4.21.3",
+    "publish": true
   }
 }

node_modules/@npmcli/promise-spawn/lib/index.js

@@ -103,4 +103,4 @@ 'use strict'
       pathToInitial = which.sync(initialCmd, {
-        path: (options.env && options.env.PATH) || process.env.PATH,
-        pathext: (options.env && options.env.PATHEXT) || process.env.PATHEXT,
+        path: (options.env && findInObject(options.env, 'PATH')) || process.env.PATH,
+        pathext: (options.env && findInObject(options.env, 'PATHEXT')) || process.env.PATHEXT,
       }).toLowerCase()
@@ -196,2 +196,12 @@ } catch (err) {
 
+// case insensitive lookup in an object
+const findInObject = (obj, key) => {
+  key = key.toLowerCase()
+  for (const objKey of Object.keys(obj).sort()) {
+    if (objKey.toLowerCase() === key) {
+      return obj[objKey]
+    }
+  }
+}
+
 module.exports = promiseSpawn

node_modules/@npmcli/promise-spawn/package.json

 {
   "name": "@npmcli/promise-spawn",
-  "version": "7.0.0",
+  "version": "7.0.1",
   "files": [
@@ -19,3 +19,3 @@ "bin/",
     "snap": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "lintfix": "npm run lint -- --fix",
@@ -36,3 +36,3 @@ "posttest": "npm run lint",
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.18.0",
+    "@npmcli/template-oss": "4.21.3",
     "spawk": "^1.7.1",
@@ -46,9 +46,3 @@ "tap": "^16.0.1"
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "ciVersions": [
-      "16.14.0",
-      "16.x",
-      "18.0.0",
-      "18.x"
-    ],
-    "version": "4.18.0",
+    "version": "4.21.3",
     "publish": true
@@ -55,0 +49,0 @@ },

node_modules/@npmcli/run-script/lib/signal-manager.js

 const runningProcs = new Set()
 let handlersInstalled = false
 
-// NOTE: these signals aren't actually forwarded anywhere. they're trapped and
-// ignored until all child processes have exited. in our next breaking change
-// we should rename this
 const forwardedSignals = [
@@ -15,4 +12,8 @@ 'SIGINT',
 // to ourselves. see the catch handler at the bottom of run-script-pkg.js
-// istanbul ignore next - this function does nothing
-const handleSignal = () => {}
+const handleSignal = signal => {
+  for (const proc of runningProcs) {
+    proc.kill(signal)
+  }
+}
+
 const setupListeners = () => {
@@ -19,0 +20,0 @@ for (const signal of forwardedSignals) {

node_modules/@npmcli/run-script/package.json

 {
   "name": "@npmcli/run-script",
-  "version": "7.0.2",
+  "version": "7.0.3",
   "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)",
@@ -10,3 +10,3 @@ "author": "GitHub Inc.",
     "eslint": "eslint",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "lintfix": "npm run lint -- --fix",
@@ -20,3 +20,3 @@ "postlint": "template-oss-check",
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.19.0",
+    "@npmcli/template-oss": "4.21.3",
     "require-inject": "^1.4.4",
@@ -46,3 +46,3 @@ "tap": "^16.0.1"
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.19.0",
+    "version": "4.21.3",
     "publish": "true"
@@ -49,0 +49,0 @@ },

node_modules/are-we-there-yet/lib/tracker-stream.js

 'use strict'
-const stream = require('readable-stream')
-const delegate = require('delegates')
+const stream = require('stream')
 const Tracker = require('./tracker.js')
@@ -12,5 +11,9 @@
     this.id = this.tracker.id
-    this.tracker.on('change', delegateChange(this))
+    this.tracker.on('change', this.trackerChange.bind(this))
   }
 
+  trackerChange (name, completion) {
+    this.emit('change', name, completion, this)
+  }
+
   _transform (data, encoding, cb) {
@@ -26,15 +29,16 @@ this.tracker.completeWork(data.length ? data.length : 1)
   }
-}
 
-function delegateChange (trackerStream) {
-  return function (name, completion, tracker) {
-    trackerStream.emit('change', name, completion, trackerStream)
+  completed () {
+    return this.tracker.completed()
   }
+
+  addWork (work) {
+    return this.tracker.addWork(work)
+  }
+
+  finish () {
+    return this.tracker.finish()
+  }
 }
 
-delegate(TrackerStream.prototype, 'tracker')
-  .method('completed')
-  .method('addWork')
-  .method('finish')
-
 module.exports = TrackerStream

node_modules/are-we-there-yet/package.json

 {
   "name": "are-we-there-yet",
-  "version": "4.0.1",
+  "version": "4.0.2",
   "description": "Keep track of the overall completion of many disparate processes",
@@ -8,3 +8,3 @@ "main": "lib/index.js",
     "test": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "lintfix": "npm run lint -- --fix",
@@ -29,9 +29,5 @@ "posttest": "npm run lint",
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.17.0",
+    "@npmcli/template-oss": "4.21.3",
     "tap": "^16.0.1"
   },
-  "dependencies": {
-    "delegates": "^1.0.0",
-    "readable-stream": "^4.1.0"
-  },
   "files": [
@@ -56,5 +52,5 @@ "bin/",
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.17.0",
+    "version": "4.21.3",
     "publish": true
   }
 }

node_modules/cacache/lib/content/read.js

@@ -16,8 +16,5 @@ 'use strict'
     // get size
-    const stat = await fs.stat(cpath)
+    const stat = size ? { size } : await fs.stat(cpath)
     return { stat, cpath, sri }
   })
-  if (typeof size === 'number' && stat.size !== size) {
-    throw sizeError(size, stat.size)
-  }
 
@@ -29,2 +26,7 @@ if (stat.size > MAX_SINGLE_READ_SIZE) {
   const data = await fs.readFile(cpath, { encoding: null })
+
+  if (stat.size !== data.length) {
+    throw sizeError(stat.size, data.length)
+  }
+
   if (!ssri.checkData(data, sri)) {
@@ -60,9 +62,6 @@ throw integrityError(sri, cpath)
     const { stat, cpath, sri } = await withContentSri(cache, integrity, async (cpath, sri) => {
-      // just stat to ensure it exists
-      const stat = await fs.stat(cpath)
+      // get size
+      const stat = size ? { size } : await fs.stat(cpath)
       return { stat, cpath, sri }
     })
-    if (typeof size === 'number' && size !== stat.size) {
-      return stream.emit('error', sizeError(size, stat.size))
-    }
 
@@ -69,0 +68,0 @@ return readPipeline(cpath, stat.size, sri, stream)

node_modules/cacache/package.json

 {
   "name": "cacache",
-  "version": "18.0.1",
+  "version": "18.0.2",
   "cache-version": {
@@ -19,3 +19,3 @@ "content": "2",
     "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "npmclilint": "npmcli-lint",
@@ -64,3 +64,3 @@ "lintfix": "npm run lint -- --fix",
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.19.0",
+    "@npmcli/template-oss": "4.21.3",
     "tap": "^16.0.0"
@@ -74,3 +74,3 @@ },
     "windowsCI": false,
-    "version": "4.19.0",
+    "version": "4.21.3",
     "publish": "true"
@@ -77,0 +77,0 @@ },

node_modules/libnpmdiff/package.json

 {
   "name": "libnpmdiff",
-  "version": "6.0.4",
+  "version": "6.0.5",
   "description": "The registry diff",
@@ -5,0 +5,0 @@ "repository": {

node_modules/libnpmexec/package.json

 {
   "name": "libnpmexec",
-  "version": "7.0.5",
+  "version": "7.0.6",
   "files": [
@@ -5,0 +5,0 @@ "bin/",

node_modules/libnpmfund/package.json

 {
   "name": "libnpmfund",
-  "version": "5.0.2",
+  "version": "5.0.3",
   "main": "lib/index.js",
@@ -5,0 +5,0 @@ "files": [

node_modules/libnpmpack/package.json

 {
   "name": "libnpmpack",
-  "version": "6.0.4",
+  "version": "6.0.5",
   "description": "Programmatic API for the bits behind npm pack",
@@ -5,0 +5,0 @@ "author": "GitHub Inc.",

node_modules/npm-packlist/lib/index.js

@@ -45,16 +45,2 @@ 'use strict'
 
-const allLevels = [
-  // these are included by default but can be excluded by package.json files array
-  '!/readme{,.*[^~$]}',
-  '!/copying{,.*[^~$]}',
-  '!/license{,.*[^~$]}',
-  '!/licence{,.*[^~$]}',
-]
-
-const rootOnly = [
-  /^!.*readme/i,
-  /^!.*copying/i,
-  /^!.*licen[sc]e/i,
-]
-
 const normalizePath = (path) => path.split('\\').join('/')
@@ -145,3 +131,2 @@
         ...strictDefaults,
-        ...allLevels,
         ...this.requiredFiles.map((file) => `!${file}`),
@@ -299,4 +284,7 @@ ])
       ...strictDefaults,
-      ...allLevels,
       '!/package.json',
+      '!/readme{,.*[^~$]}',
+      '!/copying{,.*[^~$]}',
+      '!/license{,.*[^~$]}',
+      '!/licence{,.*[^~$]}',
       '/.git',
@@ -316,9 +304,7 @@ '/node_modules',
           file = file.slice(1)
-        } else if (file.endsWith('/*')) {
-          file = file.slice(0, -1)
         }
+        if (file.endsWith('/*')) {
+          file += '*'
+        }
         const inverse = `!${file}`
-
-        this.excludeNonRoot(file)
-
         try {
@@ -372,16 +358,2 @@ // if an entry in the files array is a specific file, then we need to include it as a
 
-  // excludes non root files by checking if elements from the files array in
-  // package.json contain an ! and readme/license/licence/copying, and then
-  // removing readme/license/licence/copying accordingly from strict defaults
-  excludeNonRoot (file) {
-    // Find the pattern
-    const matchingPattern = rootOnly.find(regex => regex.test(file))
-
-    if (matchingPattern) {
-      // Find which index matches the pattern and remove it from allLevels
-      const indexToRemove = allLevels.findIndex(element => matchingPattern.test(element))
-      allLevels.splice(indexToRemove, 1)
-    }
-  }
-
   // custom method: after we've finished gathering the files for the root package, we call this
@@ -388,0 +360,0 @@ // before emitting the 'done' event in order to gather all of the files for bundled deps

node_modules/npm-packlist/package.json

 {
   "name": "npm-packlist",
-  "version": "8.0.1",
+  "version": "8.0.2",
   "description": "Get a list of the files to add from a folder into an npm package",
@@ -5,0 +5,0 @@ "directories": {

node_modules/postcss-selector-parser/package.json

 {
   "name": "postcss-selector-parser",
-  "version": "6.0.13",
+  "version": "6.0.15",
   "devDependencies": {
@@ -21,3 +21,3 @@ "@babel/cli": "^7.11.6",
     "nyc": "^15.1.0",
-    "postcss": "^8.0.0",
+    "postcss": "^8.4.31",
     "semver": "^7.3.2",
@@ -24,0 +24,0 @@ "typescript": "^4.0.3"

package.json

 {
-  "version": "10.2.5",
+  "version": "10.3.0",
   "name": "npm",
@@ -60,8 +60,8 @@ "description": "a package manager for JavaScript",
     "@npmcli/package-json": "^5.0.0",
-    "@npmcli/promise-spawn": "^7.0.0",
-    "@npmcli/run-script": "^7.0.2",
+    "@npmcli/promise-spawn": "^7.0.1",
+    "@npmcli/run-script": "^7.0.3",
     "@sigstore/tuf": "^2.2.0",
     "abbrev": "^2.0.0",
     "archy": "~1.0.0",
-    "cacache": "^18.0.1",
+    "cacache": "^18.0.2",
     "chalk": "^5.3.0",
@@ -203,3 +203,3 @@ "ci-info": "^4.0.0",
     "@npmcli/eslint-config": "^4.0.2",
-    "@npmcli/git": "^5.0.3",
+    "@npmcli/git": "^5.0.4",
     "@npmcli/mock-globals": "^1.0.0",
@@ -215,3 +215,3 @@ "@npmcli/mock-registry": "^1.0.0",
     "nock": "^13.4.0",
-    "npm-packlist": "^8.0.1",
+    "npm-packlist": "^8.0.2",
     "remark": "^14.0.2",
@@ -218,0 +218,0 @@ "remark-gfm": "^3.0.1",

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Minified code

Quality

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

Found 1 instance in 1 package

Unidentified License

License

(Experimental) Something that seems like a license was found, but its contents could not be matched with a known license

Found 2 instances in 1 package

Improved metrics

Number of low license alerts

8

decreased by-20%

Number of low quality alerts

0

decreased by-100%

Number of low supply chain risk alerts

291

decreased by-2.02%

Worsened metrics

Total package byte prevSize

9958957

decreased by-4.53%

Number of package files

1992

decreased by-4.96%

Lines of code

135684

decreased by-8.77%

Dependency changes

• Updated@npmcli/promise-spawn@^7.0.1

• Updated@npmcli/run-script@^7.0.3

• Updatedcacache@^18.0.2