chore: add template oss

.eslintrc.js

@@ -0,0 +1,17 @@
+/* This file is automatically added by @npmcli/template-oss. Do not edit. */
+
+'use strict'
+
+const { readdirSync: readdir } = require('fs')
+
+const localConfigs = readdir(__dirname)
+  .filter((file) => file.startsWith('.eslintrc.local.'))
+  .map((file) => `./${file}`)
+
+module.exports = {
+  root: true,
+  extends: [
+    '@npmcli',
+    ...localConfigs,
+  ],
+}

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+* @npm/cli-team

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,3 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+blank_issues_enabled: true

.github/dependabot.yml

@@ -0,0 +1,17 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+version: 2
+
+updates:
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+    allow:
+      - dependency-type: direct
+    versioning-strategy: increase-if-necessary
+    commit-message:
+      prefix: deps
+      prefix-development: chore
+    labels:
+      - "Dependencies"

.github/matchers/tap.json

@@ -0,0 +1,32 @@
+{
+  "//@npmcli/template-oss": "This file is automatically added by @npmcli/template-oss. Do not edit.",
+  "problemMatcher": [
+    {
+      "owner": "tap",
+      "pattern": [
+        {
+          "regexp": "^\\s*not ok \\d+ - (.*)",
+          "message": 1
+        },
+        {
+          "regexp": "^\\s*---"
+        },
+        {
+          "regexp": "^\\s*at:"
+        },
+        {
+          "regexp": "^\\s*line:\\s*(\\d+)",
+          "line": 1
+        },
+        {
+          "regexp": "^\\s*column:\\s*(\\d+)",
+          "column": 1
+        },
+        {
+          "regexp": "^\\s*file:\\s*(.*)",
+          "file": 1
+        }
+      ]
+    }
+  ]
+}

.github/workflows/audit.yml

@@ -0,0 +1,39 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+name: Audit
+
+on:
+  workflow_dispatch:
+  schedule:
+    # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1
+    - cron: "0 8 * * 1"
+
+jobs:
+  audit:
+    name: Audit Dependencies
+    if: github.repository_owner == 'npm'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Git User
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "npm CLI robot"
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18.x
+      - name: Install npm@latest
+        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: npm Version
+        run: npm -v
+      - name: Install Dependencies
+        run: npm i --ignore-scripts --no-audit --no-fund --package-lock
+      - name: Run Production Audit
+        run: npm audit --omit=dev
+      - name: Run Full Audit
+        run: npm audit --audit-level=none

.github/workflows/ci.yml

@@ -0,0 +1,96 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+name: CI
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+      - latest
+  schedule:
+    # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1
+    - cron: "0 9 * * 1"
+
+jobs:
+  lint:
+    name: Lint
+    if: github.repository_owner == 'npm'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Git User
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "npm CLI robot"
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18.x
+      - name: Install npm@latest
+        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: npm Version
+        run: npm -v
+      - name: Install Dependencies
+        run: npm i --ignore-scripts --no-audit --no-fund
+      - name: Lint
+        run: npm run lint --ignore-scripts
+      - name: Post Lint
+        run: npm run postlint --ignore-scripts
+
+  test:
+    name: Test - ${{ matrix.platform.name }} - ${{ matrix.node-version }}
+    if: github.repository_owner == 'npm'
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - name: Linux
+            os: ubuntu-latest
+            shell: bash
+        node-version:
+          - 18.x
+    runs-on: ${{ matrix.platform.os }}
+    defaults:
+      run:
+        shell: ${{ matrix.platform.shell }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Git User
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "npm CLI robot"
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Update Windows npm
+        # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows
+        if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.'))
+        run: |
+          curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz
+          tar xf npm-7.5.4.tgz
+          cd package
+          node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz
+          cd ..
+          rmdir /s /q package
+      - name: Install npm@7
+        if: startsWith(matrix.node-version, '10.')
+        run: npm i --prefer-online --no-fund --no-audit -g npm@7
+      - name: Install npm@latest
+        if: ${{ !startsWith(matrix.node-version, '10.') }}
+        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: npm Version
+        run: npm -v
+      - name: Install Dependencies
+        run: npm i --ignore-scripts --no-audit --no-fund
+      - name: Add Problem Matcher
+        run: echo "::add-matcher::.github/matchers/tap.json"
+      - name: Test
+        run: npm test --ignore-scripts

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,38 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+name: CodeQL
+
+on:
+  push:
+    branches:
+      - main
+      - latest
+  pull_request:
+    branches:
+      - main
+      - latest
+  schedule:
+    # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1
+    - cron: "0 10 * * 1"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Git User
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "npm CLI robot"
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: javascript
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/post-dependabot.yml

@@ -0,0 +1,121 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+name: Post Dependabot
+
+on: pull_request
+
+permissions:
+  contents: write
+
+jobs:
+  template-oss:
+    name: template-oss
+    if: github.repository_owner == 'npm' && github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+      - name: Setup Git User
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "npm CLI robot"
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18.x
+      - name: Install npm@latest
+        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: npm Version
+        run: npm -v
+      - name: Install Dependencies
+        run: npm i --ignore-scripts --no-audit --no-fund
+      - name: Fetch Dependabot Metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # Dependabot can update multiple directories so we output which directory
+      # it is acting on so we can run the command for the correct root or workspace
+      - name: Get Dependabot Directory
+        if: contains(steps.metadata.outputs.dependency-names, '@npmcli/template-oss')
+        id: flags
+        run: |
+          dependabot_dir="${{ steps.metadata.outputs.directory }}"
+          if [[ "$dependabot_dir" == "/" ]]; then
+            echo "::set-output name=workspace::-iwr"
+          else
+            # strip leading slash from directory so it works as a
+            # a path to the workspace flag
+            echo "::set-output name=workspace::-w ${dependabot_dir#/}"
+          fi
+
+      - name: Apply Changes
+        if: steps.flags.outputs.workspace
+        id: apply
+        run: |
+          npm run template-oss-apply ${{ steps.flags.outputs.workspace }}
+          if [[ `git status --porcelain` ]]; then
+            echo "::set-output name=changes::true"
+          fi
+          # This only sets the conventional commit prefix. This workflow can't reliably determine
+          # what the breaking change is though. If a BREAKING CHANGE message is required then
+          # this PR check will fail and the commit will be amended with stafftools
+          if [[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-major" ]]; then
+            prefix='feat!'
+          else
+            prefix='chore'
+          fi
+          echo "::set-output name=message::$prefix: postinstall for dependabot template-oss PR"
+
+      # This step will fail if template-oss has made any workflow updates. It is impossible
+      # for a workflow to update other workflows. In the case it does fail, we continue
+      # and then try to apply only a portion of the changes in the next step
+      - name: Push All Changes
+        if: steps.apply.outputs.changes
+        id: push
+        continue-on-error: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git commit -am "${{ steps.apply.outputs.message }}"
+          git push
+
+      # If the previous step failed, then reset the commit and remove any workflow changes
+      # and attempt to commit and push again. This is helpful because we will have a commit
+      # with the correct prefix that we can then --amend with @npmcli/stafftools later.
+      - name: Push All Changes Except Workflows
+        if: steps.apply.outputs.changes && steps.push.outcome == 'failure'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git reset HEAD~
+          git checkout HEAD -- .github/workflows/
+          git clean -fd .github/workflows/
+          git commit -am "${{ steps.apply.outputs.message }}"
+          git push
+
+      # Check if all the necessary template-oss changes were applied. Since we continued
+      # on errors in one of the previous steps, this check will fail if our follow up
+      # only applied a portion of the changes and we need to followup manually.
+      #
+      # Note that this used to run `lint` and `postlint` but that will fail this action
+      # if we've also shipped any linting changes separate from template-oss. We do
+      # linting in another action, so we want to fail this one only if there are
+      # template-oss changes that could not be applied.
+      - name: Check Changes
+        if: steps.apply.outputs.changes
+        run: |
+          npm exec --offline ${{ steps.flags.outputs.workspace }} -- template-oss-check
+
+      - name: Fail on Breaking Change
+        if: steps.apply.outputs.changes && startsWith(steps.apply.outputs.message, 'feat!')
+        run: |
+          echo "This PR has a breaking change. Run 'npx -p @npmcli/stafftools gh template-oss-fix'"
+          echo "for more information on how to fix this with a BREAKING CHANGE footer."
+          exit 1