npm · lukekarrys · Jun 6, 2023 · Jun 1, 2023 · Jun 5, 2023 · Jun 5, 2023
@@ -218,6 +218,8 @@ graph LR;
  npmcli-package-json-->json-parse-even-better-errors;
  npmcli-package-json-->normalize-package-data;
  npmcli-package-json-->npm-normalize-package-bin;
+ npmcli-package-json-->npmcli-git["@npmcli/git"];
+ npmcli-package-json-->proc-log;
  npmcli-run-script-->npmcli-node-gyp["@npmcli/node-gyp"];
  npmcli-run-script-->npmcli-promise-spawn["@npmcli/promise-spawn"];
  npmcli-run-script-->read-package-json-fast;
@@ -690,6 +692,7 @@ graph LR;
  npmcli-mock-globals-->npmcli-eslint-config["@npmcli/eslint-config"];
  npmcli-mock-globals-->npmcli-template-oss["@npmcli/template-oss"];
  npmcli-mock-globals-->tap;
+ npmcli-mock-registry-->json-stringify-safe;
  npmcli-mock-registry-->nock;
  npmcli-mock-registry-->npm-package-arg;
  npmcli-mock-registry-->npmcli-arborist["@npmcli/arborist"];
@@ -703,6 +706,8 @@ graph LR;
  npmcli-package-json-->json-parse-even-better-errors;
  npmcli-package-json-->normalize-package-data;
  npmcli-package-json-->npm-normalize-package-bin;
+ npmcli-package-json-->npmcli-git["@npmcli/git"];
+ npmcli-package-json-->proc-log;
  npmcli-promise-spawn-->which;
  npmcli-query-->postcss-selector-parser;
  npmcli-run-script-->node-gyp;
@@ -821,8 +826,8 @@ packages higher up the chain.
  - @npmcli/arborist
  - @npmcli/metavuln-calculator
  - pacote, libnpmhook, libnpmorg, libnpmsearch, libnpmteam, npm-profile
- - npm-registry-fetch, libnpmversion
+ - npm-registry-fetch, @npmcli/package-json, libnpmversion
  - @npmcli/git, make-fetch-happen, @npmcli/config, init-package-json
- - @npmcli/installed-package-contents, @npmcli/map-workspaces, cacache, npm-pick-manifest, @npmcli/run-script, read-package-json, @npmcli/package-json, promzard
+ - @npmcli/installed-package-contents, @npmcli/map-workspaces, cacache, npm-pick-manifest, @npmcli/run-script, read-package-json, promzard
  - @npmcli/docs, @npmcli/fs, npm-bundled, read-package-json-fast, unique-filename, npm-install-checks, npm-package-arg, npm-packlist, normalize-package-data, bin-links, nopt, npmlog, parse-conflict-json, @npmcli/mock-globals, read
  - @npmcli/eslint-config, @npmcli/template-oss, ignore-walk, semver, npm-normalize-package-bin, @npmcli/name-from-folder, json-parse-even-better-errors, fs-minipass, ssri, unique-slug, @npmcli/promise-spawn, hosted-git-info, proc-log, validate-npm-package-name, @npmcli/node-gyp, minipass-fetch, @npmcli/query, cmd-shim, read-cmd-shim, write-file-atomic, abbrev, are-we-there-yet, gauge, minify-registry-metadata, ini, @npmcli/disparity-colors, mute-stream, npm-audit-report, npm-user-validate
@@ -2,6 +2,7 @@ const pacote = require('pacote')
 const Arborist = require('@npmcli/arborist')
 const npa = require('npm-package-arg')
 const Nock = require('nock')
+const stringify = require('json-stringify-safe')
 
 class MockRegistry {
  #tap
@@ -39,7 +40,7 @@ class MockRegistry {
  // mocked with a 404, 500, etc.
  // XXX: this is opt-in currently because it breaks some existing CLI
  // tests. We should work towards making this the default for all tests.
- t.fail(`Unmatched request: ${JSON.stringify(req, null, 2)}`)
+ t.fail(`Unmatched request: ${stringify(req, null, 2)}`)
  }
  }
 
@@ -337,9 +338,9 @@ class MockRegistry {
  }
  nock = nock.reply(200, manifest)
  if (tarballs) {
- for (const version in tarballs) {
+ for (const [version, tarball] of Object.entries(tarballs)) {
  const m = manifest.versions[version]
- nock = await this.tarball({ manifest: m, tarball: tarballs[version] })
+ nock = await this.tarball({ manifest: m, tarball })
  }
  }
  this.nock = nock

@@ -47,6 +47,7 @@
  "@npmcli/arborist": "^6.1.1",
  "@npmcli/eslint-config": "^4.0.1",
  "@npmcli/template-oss": "4.14.1",
+ "json-stringify-safe": "^5.0.1",
  "nock": "^13.3.0",
  "npm-package-arg": "^10.1.0",
  "pacote": "^15.0.8",

@@ -1,15 +1,15 @@
 const is = require('./is.js')
 const { dirname } = require('path')
 
-module.exports = async ({ cwd = process.cwd() } = {}) => {
- if (await is({ cwd })) {
- return cwd
- }
- while (cwd !== dirname(cwd)) {
- cwd = dirname(cwd)
+module.exports = async ({ cwd = process.cwd(), root } = {}) => {
+ while (true) {
  if (await is({ cwd })) {
  return cwd
  }
+ const next = dirname(cwd)
+ if (cwd === root || cwd === next) {
+ return null
+ }
+ cwd = next
  }
- return null
 }
@@ -1,6 +1,6 @@
 {
  "name": "@npmcli/git",
- "version": "4.0.4",
+ "version": "4.1.0",
  "main": "lib/index.js",
  "files": [
  "bin/",
@@ -23,16 +23,15 @@
  "template-oss-apply": "template-oss-apply --force"
  },
  "tap": {
- "check-coverage": true,
- "coverage-map": "map.js",
+ "timeout": 600,
  "nyc-arg": [
  "--exclude",
  "tap-snapshots/**"
  ]
  },
  "devDependencies": {
  "@npmcli/eslint-config": "^4.0.0",
- "@npmcli/template-oss": "4.12.0",
+ "@npmcli/template-oss": "4.15.1",
  "npm-package-arg": "^10.0.0",
  "slash": "^3.0.0",
  "tap": "^16.0.1"
@@ -52,7 +51,7 @@
  },
  "templateOSS": {
  "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "windowsCI": false,
- "version": "4.12.0"
+ "version": "4.15.1",
+ "publish": true
  }
 }
@@ -38,6 +38,7 @@ class PackageJson {
  '_attributes',
  'bundledDependencies',
  'bundleDependencies',
+ 'bundleDependenciesDeleteFalse',
  'gypfile',
  'serverjs',
  'scriptpath',

@@ -3,10 +3,13 @@ const { glob } = require('glob')
 const normalizePackageBin = require('npm-normalize-package-bin')
 const normalizePackageData = require('normalize-package-data')
 const path = require('path')
+const log = require('proc-log')
+const git = require('@npmcli/git')
 
-const normalize = async (pkg, { strict, steps }) => {
+const normalize = async (pkg, { strict, steps, root }) => {
  const data = pkg.content
  const scripts = data.scripts || {}
+ const pkgId = `${data.name ?? ''}@${data.version ?? ''}`
 
  // remove attributes that start with "_"
  if (steps.includes('_attributes')) {
@@ -20,7 +23,7 @@ const normalize = async (pkg, { strict, steps }) => {
  // build the "_id" attribute
  if (steps.includes('_id')) {
  if (data.name && data.version) {
- data._id = `${data.name}@${data.version}`
+ data._id = pkgId
  }
  }
 
@@ -34,7 +37,9 @@ const normalize = async (pkg, { strict, steps }) => {
  // expand "bundleDependencies: true or translate from object"
  if (steps.includes('bundleDependencies')) {
  const bd = data.bundleDependencies
- if (bd === true) {
+ if (bd === false && !steps.includes('bundleDependenciesDeleteFalse')) {
+ data.bundleDependencies = []
+ } else if (bd === true) {
  data.bundleDependencies = Object.keys(data.dependencies || {})
  } else if (bd && typeof bd === 'object') {
  if (!Array.isArray(bd)) {
@@ -158,7 +163,7 @@ const normalize = async (pkg, { strict, steps }) => {
  }
 
  // expand "directories.bin"
- if (steps.includes('binDir') && data.directories?.bin) {
+ if (steps.includes('binDir') && data.directories?.bin && !data.bin) {
  const binsDir = path.resolve(pkg.path, path.join('.', path.join('/', data.directories.bin)))
  const bins = await glob('**', { cwd: binsDir })
  data.bin = bins.reduce((acc, binFile) => {
@@ -174,25 +179,28 @@ const normalize = async (pkg, { strict, steps }) => {
 
  // populate "gitHead" attribute
  if (steps.includes('gitHead') && !data.gitHead) {
+ const gitRoot = await git.find({ cwd: pkg.path, root })
  let head
- try {
- head = await fs.readFile(path.resolve(pkg.path, '.git/HEAD'), 'utf8')
- } catch (err) {
+ if (gitRoot) {
+ try {
+ head = await fs.readFile(path.resolve(gitRoot, '.git/HEAD'), 'utf8')
+ } catch (err) {
  // do nothing
+ }
  }
  let headData
  if (head) {
  if (head.startsWith('ref: ')) {
  const headRef = head.replace(/^ref: /, '').trim()
- const headFile = path.resolve(pkg.path, '.git', headRef)
+ const headFile = path.resolve(gitRoot, '.git', headRef)
  try {
  headData = await fs.readFile(headFile, 'utf8')
  headData = headData.replace(/^ref: /, '').trim()
  } catch (err) {
  // do nothing
  }
  if (!headData) {
- const packFile = path.resolve(pkg.path, '.git/packed-refs')
+ const packFile = path.resolve(gitRoot, '.git/packed-refs')
  try {
  let refs = await fs.readFile(packFile, 'utf8')
  if (refs) {
@@ -271,11 +279,11 @@ const normalize = async (pkg, { strict, steps }) => {
  // in normalize-package-data if it had access to the file path.
  if (steps.includes('binRefs') && data.bin instanceof Object) {
  for (const key in data.bin) {
- const binPath = path.resolve(pkg.path, data.bin[key])
  try {
- await fs.access(binPath)
+ await fs.access(path.resolve(pkg.path, data.bin[key]))
  } catch {
- delete data.bin[key]
+ log.warn('package-json', pkgId, `No bin file found at ${data.bin[key]}`)
+ // XXX: should a future breaking change delete bin entries that cannot be accessed?
  }
  }
  }

@@ -1,6 +1,6 @@
 {
  "name": "@npmcli/package-json",
- "version": "3.1.0",
+ "version": "3.1.1",
  "description": "Programmatic API to update package.json",
  "main": "lib/index.js",
  "files": [
@@ -26,13 +26,17 @@
  "devDependencies": {
  "@npmcli/eslint-config": "^4.0.0",
  "@npmcli/template-oss": "4.15.1",
+ "read-package-json": "^6.0.4",
+ "read-package-json-fast": "^3.0.2",
  "tap": "^16.0.1"
  },
  "dependencies": {
+ "@npmcli/git": "^4.1.0",
  "glob": "^10.2.2",
  "json-parse-even-better-errors": "^3.0.0",
  "normalize-package-data": "^5.0.0",
- "npm-normalize-package-bin": "^3.0.1"
+ "npm-normalize-package-bin": "^3.0.1",
+ "proc-log": "^3.0.0"
  },
  "repository": {
  "type": "git",

@@ -87,7 +87,7 @@
  "@npmcli/arborist": "^6.2.9",
  "@npmcli/config": "^6.2.0",
  "@npmcli/map-workspaces": "^3.0.4",
- "@npmcli/package-json": "^3.1.0",
+ "@npmcli/package-json": "^3.1.1",
  "@npmcli/run-script": "^6.0.2",
  "abbrev": "^2.0.0",
  "archy": "~1.0.0",
@@ -157,7 +157,7 @@
  "@npmcli/docs": "^1.0.0",
  "@npmcli/eslint-config": "^4.0.0",
  "@npmcli/fs": "^3.1.0",
- "@npmcli/git": "^4.0.4",
+ "@npmcli/git": "^4.1.0",
  "@npmcli/mock-globals": "^1.0.0",
  "@npmcli/mock-registry": "^1.0.0",
  "@npmcli/promise-spawn": "^6.0.2",
@@ -222,6 +222,7 @@
  "@npmcli/arborist": "^6.1.1",
  "@npmcli/eslint-config": "^4.0.1",
  "@npmcli/template-oss": "4.14.1",
+ "json-stringify-safe": "^5.0.1",
  "nock": "^13.3.0",
  "npm-package-arg": "^10.1.0",
  "pacote": "^15.0.8",
@@ -2289,9 +2290,9 @@
  }
  },
  "node_modules/@npmcli/git": {
- "version": "4.0.4",
- "resolved": "https://registry.npmjs.org/@npmcli/git/-/git-4.0.4.tgz",
- "integrity": "sha512-5yZghx+u5M47LghaybLCkdSyFzV/w4OuH12d96HO389Ik9CDsLaDZJVynSGGVJOLn6gy/k7Dz5XYcplM3uxXRg==",
+ "version": "4.1.0",
+ "resolved": "https://registry.npmjs.org/@npmcli/git/-/git-4.1.0.tgz",
+ "integrity": "sha512-9hwoB3gStVfa0N31ymBmrX+GuDGdVA/QWShZVqE0HK2Af+7QGGrCTbZia/SW0ImUTjTne7SP91qxDmtXvDHRPQ==",
  "inBundle": true,
  "dependencies": {
  "@npmcli/promise-spawn": "^6.0.0",
@@ -2393,15 +2394,17 @@
  }
  },
  "node_modules/@npmcli/package-json": {
- "version": "3.1.0",
- "resolved": "https://registry.npmjs.org/@npmcli/package-json/-/package-json-3.1.0.tgz",
- "integrity": "sha512-qNPy6Yf9ruFST99xcrl5EWAvrb7qFrwgVbwdzcTJlIgxbArKOq5e/bgZ6rTL1X9hDgAdPbvL8RWx/OTLSB0ToA==",
+ "version": "3.1.1",
+ "resolved": "https://registry.npmjs.org/@npmcli/package-json/-/package-json-3.1.1.tgz",
+ "integrity": "sha512-+UW0UWOYFKCkvszLoTwrYGrjNrT8tI5Ckeb/h+Z1y1fsNJEctl7HmerA5j2FgmoqFaLI2gsA1X9KgMFqx/bRmA==",
  "inBundle": true,
  "dependencies": {
+ "@npmcli/git": "^4.1.0",
  "glob": "^10.2.2",
  "json-parse-even-better-errors": "^3.0.0",
  "normalize-package-data": "^5.0.0",
- "npm-normalize-package-bin": "^3.0.1"
+ "npm-normalize-package-bin": "^3.0.1",
+ "proc-log": "^3.0.0"
  },
  "engines": {
  "node": "^14.17.0 || ^16.13.0 || >=18.0.0"

@@ -57,7 +57,7 @@
  "@npmcli/arborist": "^6.2.9",
  "@npmcli/config": "^6.2.0",
  "@npmcli/map-workspaces": "^3.0.4",
- "@npmcli/package-json": "^3.1.0",
+ "@npmcli/package-json": "^3.1.1",
  "@npmcli/run-script": "^6.0.2",
  "abbrev": "^2.0.0",
  "archy": "~1.0.0",
@@ -190,7 +190,7 @@
  "@npmcli/docs": "^1.0.0",
  "@npmcli/eslint-config": "^4.0.0",
  "@npmcli/fs": "^3.1.0",
- "@npmcli/git": "^4.0.4",
+ "@npmcli/git": "^4.1.0",
  "@npmcli/mock-globals": "^1.0.0",
  "@npmcli/mock-registry": "^1.0.0",
  "@npmcli/promise-spawn": "^6.0.2",