.commitlintrc.js

@@ -0,0 +1,10 @@
+/* This file is automatically added by @npmcli/template-oss. Do not edit. */
+
+module.exports = {
+  extends: ['@commitlint/config-conventional'],
+  rules: {
+    'type-enum': [2, 'always', ['feat', 'fix', 'docs', 'deps', 'chore']],
+    'header-max-length': [2, 'always', 80],
+    'subject-case': [0, 'always', ['lower-case', 'sentence-case', 'start-case']],
+  },
+}

.eslintrc.js

@@ -1,3 +1,7 @@
+/* This file is automatically added by @npmcli/template-oss. Do not edit. */
+
+'use strict'
+
 const { readdirSync: readdir } = require('fs')
 
 const localConfigs = readdir(__dirname)
@@ -6,6 +10,13 @@ const localConfigs = readdir(__dirname)
 
 module.exports = {
   root: true,
+  ignorePatterns: [
+    'docs/**',
+    'smoke-tests/**',
+    'mock-globals/**',
+    'mock-registry/**',
+    'workspaces/**',
+  ],
   extends: [
     '@npmcli',
     ...localConfigs,

.eslintrc.local.js

@@ -0,0 +1,37 @@
+const { resolve, relative } = require('path')
+
+// Create an override to lockdown a file to es6 syntax only
+// and only allow it to require an allowlist of files
+const rel = (p) => relative(__dirname, resolve(__dirname, p))
+const braces = (a) => a.length > 1 ? `{${a.map(rel).join(',')}}` : a[0]
+
+const es6Files = (e) => Object.entries(e).map(([file, allow]) => ({
+  files: `./${rel(file)}`,
+  parserOptions: {
+    ecmaVersion: 6,
+  },
+  rules: Array.isArray(allow) ? {
+    'node/no-restricted-require': ['error', [{
+      name: ['/**', `!${__dirname}/${braces(allow)}`],
+      message: `This file can only require: ${allow.join(',')}`,
+    }]],
+  } : {},
+}))
+
+module.exports = {
+  rules: {
+    'no-console': 'error',
+  },
+  overrides: es6Files({
+    'index.js': ['lib/cli.js'],
+    'bin/npm-cli.js': ['lib/cli.js'],
+    'lib/cli.js': ['lib/es6/validate-engines.js'],
+    'lib/es6/validate-engines.js': ['package.json'],
+    // TODO: This file should also have its requires restricted as well since it
+    // is an entry point but it currently pulls in config definitions which have
+    // a large require graph, so that is not currently feasible. A future config
+    // refactor should keep that in mind and see if only config definitions can
+    // be exported in a way that is compatible with ES6.
+    'bin/npx-cli.js': null,
+  }),
+}

.gitattributes

@@ -1,2 +1,27 @@
-/node_modules/**    linguist-generated=false
-/package-lock.json  linguist-generated=false
+# normalize all line endings by default
+* text=auto
+
+# our shell/bin scripts always need to be LF
+/bin/* text eol=lf
+/workspaces/arborist/bin/index.js text eol=lf
+/configure text eol=lf
+
+# our cmd scripts always need to be CRLF
+/bin/*.cmd text eol=crlf
+
+# ignore all line endings in node_modules since we dont control that
+/node_modules/** -text
+
+# the files we write should be LF so they can be generated cross platform
+/node_modules/.gitignore text eol=lf
+/workspaces/arborist/test/fixtures/.gitignore text eol=lf
+/DEPENDENCIES.md text eol=lf
+/AUTHORS text eol=lf
+
+# fixture tarballs should be treated as binary
+/workspaces/*/test/fixtures/**/*.tgz binary
+
+# these hint to GitHub to show these files as not generated so they default to
+# showing the full diff in pull requests
+/node_modules/** linguist-generated=false
+/package-lock.json linguist-generated=false

.github/CODEOWNERS

@@ -1 +1,3 @@
-*	@npm/cli-team
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+* @npm/cli-team

.github/ISSUE_TEMPLATE/bug_9.yml

@@ -0,0 +1,63 @@
+name: 🐞 Bug v9
+description: File a bug/issue against v9.x
+title: "[BUG] <title>"
+labels: [Bug, Needs Triage, Release 9.x]
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    description: Please [search here](https://github.com/npm/cli/issues) to see if an issue already exists for your problem.
+    options:
+    - label: I have searched the existing issues
+      required: true
+- type: checkboxes
+  attributes:
+    label: This issue exists in the latest npm version
+    description: Please make sure you have installed the latest npm and verified it is still an issue.
+    options:
+    - label: I am using the latest npm
+      required: true
+- type: textarea
+  attributes:
+    label: Current Behavior
+    description: A clear & concise description of what you're experiencing.
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: Expected Behavior
+    description: A clear & concise description of what you expected to happen.
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: Steps To Reproduce
+    description: Steps to reproduce the behavior.
+    value: |
+      1. In this environment...
+      2. With this config...
+      3. Run '...'
+      4. See error...
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: Environment
+    description: |
+      examples:
+        - **`npm -v`**: **npm**: 7.6.3
+        - **`node -v`**: **Node.js**: 13.14.0
+        - **OS Name**: Ubuntu 20.04
+        - **System Model Name**: Macbook Pro
+        - **`npm config ls`**: `; "user" config from ...`
+    value: |
+        - npm:
+        - Node.js:
+        - OS Name:
+        - System Model Name:
+        - npm config:
+        ```ini
+        ; copy and paste output from `npm config ls` here
+        ```
+  validations:
+    required: false

.github/matchers/tap.json

@@ -0,0 +1,32 @@
+{
+  "//@npmcli/template-oss": "This file is automatically added by @npmcli/template-oss. Do not edit.",
+  "problemMatcher": [
+    {
+      "owner": "tap",
+      "pattern": [
+        {
+          "regexp": "^\\s*not ok \\d+ - (.*)",
+          "message": 1
+        },
+        {
+          "regexp": "^\\s*---"
+        },
+        {
+          "regexp": "^\\s*at:"
+        },
+        {
+          "regexp": "^\\s*line:\\s*(\\d+)",
+          "line": 1
+        },
+        {
+          "regexp": "^\\s*column:\\s*(\\d+)",
+          "column": 1
+        },
+        {
+          "regexp": "^\\s*file:\\s*(.*)",
+          "file": 1
+        }
+      ]
+    }
+  ]
+}

.github/workflows/audit.yml

@@ -0,0 +1,39 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+name: Audit
+
+on:
+  workflow_dispatch:
+  schedule:
+    # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1
+    - cron: "0 8 * * 1"
+
+jobs:
+  audit:
+    name: Audit Dependencies
+    if: github.repository_owner == 'npm'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Git User
+        run: |
+          git config --global user.email "npm-cli+bot@github.com"
+          git config --global user.name "npm CLI robot"
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20.x
+          cache: npm
+          check-latest: true
+      - name: Check Git Status
+        run: node scripts/git-dirty.js
+      - name: Reset Deps
+        run: node scripts/resetdeps.js --package-lock
+      - name: Run Production Audit
+        run: node . audit --omit=dev
+      - name: Run Full Audit
+        run: node . audit --audit-level=none