Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: npm/npm-packlist
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 01c4799e285465a3e60f6d4f70140b5ecb9338d8
Choose a base ref
...
head repository: npm/npm-packlist
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 6a805d1934405f472eab3827da609e59f5c6d545
Choose a head ref
  • 4 commits
  • 38 files changed
  • 4 contributors

Commits on Sep 21, 2022

  1. chore: bump @npmcli/template-oss from 3.6.0 to 4.3.2 

    Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 3.6.0 to 4.3.2.
- [Release notes](https://github.com/npm/template-oss/releases)
- [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md)
- [Commits](npm/template-oss@v3.6.0...v4.3.2)

---
updated-dependencies:
- dependency-name: @npmcli/template-oss
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @lukekarrys
    dependabot[bot] authored and lukekarrys committed Sep 21, 2022

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    925c5b8 View commit details

  2. feat!: postinstall for dependabot template-oss PR 

    BREAKING CHANGE: `npm-packlist` is now compatible with the following semver range for node: `^14.17.0 || ^16.13.0 || >=18.0.0`
    @lukekarrys
    lukekarrys committed Sep 21, 2022
    Copy the full SHA
    a2c96ef View commit details

  3. feat: change interactions between files array and ignore files to b… 

    …e more consistent (#88)

BREAKING CHANGE: this module now follows a strict order of operations when applying ignore rules. if a `files` array is present in the package.json, then rules in `.gitignore` and `.npmignore` files from the root will be ignored.
    @nlf
    nlf authored Sep 21, 2022
    Copy the full SHA
    c37371b View commit details

  4. chore: release 6.0.0 (#124) 

    Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    @github-actions
    github-actions[bot] authored Sep 21, 2022
    Copy the full SHA
    6a805d1 View commit details
Showing with 1,340 additions and 760 deletions.
  1. +1 −1 .github/dependabot.yml
  2. +1 −1 .github/matchers/tap.json
  3. +18 −8 .github/workflows/audit.yml
  4. +154 −0 .github/workflows/ci-release.yml
  5. +50 −31 .github/workflows/ci.yml
  6. +7 −13 .github/workflows/codeql-analysis.yml
  7. +67 −19 .github/workflows/post-dependabot.yml
  8. +26 −16 .github/workflows/pull-request.yml
  9. +0 −26 .github/workflows/release-please.yml
  10. +234 −0 .github/workflows/release.yml
  11. +13 −11 .gitignore
  12. +3 −0 .release-please-manifest.json
  13. +12 −0 CHANGELOG.md
  14. +13 −56 README.md
  15. +359 −412 lib/index.js
  16. +11 −12 package.json
  17. +36 −0 release-please-config.json
  18. +33 −0 test/bundle-missing-dep.js
  19. +53 −0 test/bundled-cycle.js
  20. +88 −0 test/bundled-file-in-workspace.js
  21. +8 −2 test/bundled-files.js
  22. +3 −0 test/bundled-scoped-symlink.js
  23. +3 −0 test/bundled-scoped.js
  24. +3 −0 test/bundled-symlink.js
  25. +54 −0 test/bundled-workspace.js
  26. +8 −2 test/bundled.js
  27. +62 −0 test/cannot-include-non-file-or-directory.js
  28. +0 −77 test/package-json-cache.js
  29. +0 −1 test/package-json-files-and-containing-dir.js
  30. +3 −3 test/package-json-files-including-npmignore.js
  31. +0 −1 test/package-json-files-nested-dir-and-nested-ignore.js
  32. +0 −1 test/package-json-files-no-dir-nested-npmignore.js
  33. +0 −28 test/package-json-glob-fails.js
  34. +6 −6 test/package-json-nested-readme-include-npmignore.js
  35. +0 −31 test/package-json-read-fail.js
  36. +4 −0 test/package-json-roots-and-nests.js
  37. +3 −0 test/scoped.js
  38. +4 −2 test/workspace.js
2 changes: 1 addition & 1 deletion .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -4,7 +4,7 @@ version: 2

updates:
- package-ecosystem: npm
directory: "/"
directory: /
schedule:
interval: daily
allow:
2 changes: 1 addition & 1 deletion .github/matchers/tap.json
View file
Original file line number Diff line number Diff line change
@@ -29,4 +29,4 @@
]
}
]
}
}
26 changes: 18 additions & 8 deletions .github/workflows/audit.yml
View file
Original file line number Diff line number Diff line change
@@ -10,18 +10,28 @@ on:

jobs:
audit:
name: Audit Dependencies
if: github.repository_owner == 'npm'
runs-on: ubuntu-latest
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@v3
- name: Setup git user
- name: Checkout
uses: actions/checkout@v3
- name: Setup Git User
run: |
git config --global user.email "npm-cli+bot@github.com"
git config --global user.name "npm CLI robot"
- uses: actions/setup-node@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 16.x
- name: Update npm to latest
node-version: 18.x
- name: Install npm@latest
run: npm i --prefer-online --no-fund --no-audit -g npm@latest
- run: npm -v
- run: npm i --ignore-scripts --no-audit --no-fund --package-lock
- run: npm audit
- name: npm Version
run: npm -v
- name: Install Dependencies
run: npm i --ignore-scripts --no-audit --no-fund --package-lock
- name: Run Audit
run: npm audit
154 changes: 154 additions & 0 deletions .github/workflows/ci-release.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,154 @@
# This file is automatically added by @npmcli/template-oss. Do not edit.

name: CI - Release

on:
workflow_call:
inputs:
ref:
required: true
type: string
check-sha:
required: true
type: string

jobs:
lint-all:
name: Lint All
if: github.repository_owner == 'npm'
runs-on: ubuntu-latest
defaults:
run:
shell: bash
steps:
- name: Create Check
uses: LouisBrunner/checks-action@v1.3.1
id: check

with:
token: ${{ secrets.GITHUB_TOKEN }}
status: in_progress
name: Lint All
sha: ${{ inputs.check-sha }}
# XXX: this does not work when using the default GITHUB_TOKEN.
# Instead we post the main job url to the PR as a comment which
# will link to all the other checks. To work around this we would
# need to create a GitHub that would create on-demand tokens.
# https://github.com/LouisBrunner/checks-action/issues/18
# details_url:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ inputs.ref }}
- name: Setup Git User
run: |
git config --global user.email "npm-cli+bot@github.com"
git config --global user.name "npm CLI robot"
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.x
- name: Install npm@latest
run: npm i --prefer-online --no-fund --no-audit -g npm@latest
- name: npm Version
run: npm -v
- name: Install Dependencies
run: npm i --ignore-scripts --no-audit --no-fund
- name: Lint
run: npm run lint --ignore-scripts
- name: Post Lint
run: npm run postlint --ignore-scripts
- name: Conclude Check
uses: LouisBrunner/checks-action@v1.3.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
conclusion: ${{ job.status }}
check_id: ${{ steps.check.outputs.check_id }}

test-all:
name: Test All - ${{ matrix.platform.name }} - ${{ matrix.node-version }}
if: github.repository_owner == 'npm'
strategy:
fail-fast: false
matrix:
platform:
- name: Linux
os: ubuntu-latest
shell: bash
- name: macOS
os: macos-latest
shell: bash
- name: Windows
os: windows-latest
shell: cmd
node-version:
- 14.17.0
- 14.x
- 16.13.0
- 16.x
- 18.0.0
- 18.x
runs-on: ${{ matrix.platform.os }}
defaults:
run:
shell: ${{ matrix.platform.shell }}
steps:
- name: Create Check
uses: LouisBrunner/checks-action@v1.3.1
id: check

with:
token: ${{ secrets.GITHUB_TOKEN }}
status: in_progress
name: Test All - ${{ matrix.platform.name }} - ${{ matrix.node-version }}
sha: ${{ inputs.check-sha }}
# XXX: this does not work when using the default GITHUB_TOKEN.
# Instead we post the main job url to the PR as a comment which
# will link to all the other checks. To work around this we would
# need to create a GitHub that would create on-demand tokens.
# https://github.com/LouisBrunner/checks-action/issues/18
# details_url:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ inputs.ref }}
- name: Setup Git User
run: |
git config --global user.email "npm-cli+bot@github.com"
git config --global user.name "npm CLI robot"
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
- name: Update Windows npm
# node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows
if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.'))
run: |
curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz
tar xf npm-7.5.4.tgz
cd package
node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz
cd ..
rmdir /s /q package
- name: Install npm@7
if: startsWith(matrix.node-version, '10.')
run: npm i --prefer-online --no-fund --no-audit -g npm@7
- name: Install npm@latest
if: ${{ !startsWith(matrix.node-version, '10.') }}
run: npm i --prefer-online --no-fund --no-audit -g npm@latest
- name: npm Version
run: npm -v
- name: Install Dependencies
run: npm i --ignore-scripts --no-audit --no-fund
- name: Add Problem Matcher
run: echo "::add-matcher::.github/matchers/tap.json"
- name: Test
run: npm test --ignore-scripts -ws -iwr --if-present
- name: Conclude Check
uses: LouisBrunner/checks-action@v1.3.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
conclusion: ${{ job.status }}
check_id: ${{ steps.check.outputs.check_id }}
81 changes: 50 additions & 31 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
@@ -5,8 +5,6 @@ name: CI
on:
workflow_dispatch:
pull_request:
branches:
- '*'
push:
branches:
- main
@@ -17,54 +15,73 @@ on:

jobs:
lint:
name: Lint
if: github.repository_owner == 'npm'
runs-on: ubuntu-latest
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@v3
- name: Setup git user
- name: Checkout
uses: actions/checkout@v3
- name: Setup Git User
run: |
git config --global user.email "npm-cli+bot@github.com"
git config --global user.name "npm CLI robot"
- uses: actions/setup-node@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 16.x
- name: Update npm to latest
node-version: 18.x
- name: Install npm@latest
run: npm i --prefer-online --no-fund --no-audit -g npm@latest
- run: npm -v
- run: npm i --ignore-scripts --no-audit --no-fund
- run: npm run lint
- name: npm Version
run: npm -v
- name: Install Dependencies
run: npm i --ignore-scripts --no-audit --no-fund
- name: Lint
run: npm run lint --ignore-scripts
- name: Post Lint
run: npm run postlint --ignore-scripts

test:
name: Test - ${{ matrix.platform.name }} - ${{ matrix.node-version }}
if: github.repository_owner == 'npm'
strategy:
fail-fast: false
matrix:
node-version:
- 12.13.0
- 12.x
- 14.15.0
- 14.x
- 16.0.0
- 16.x
platform:
- os: ubuntu-latest
- name: Linux
os: ubuntu-latest
shell: bash
- os: macos-latest
- name: macOS
os: macos-latest
shell: bash
- os: windows-latest
- name: Windows
os: windows-latest
shell: cmd
node-version:
- 14.17.0
- 14.x
- 16.13.0
- 16.x
- 18.0.0
- 18.x
runs-on: ${{ matrix.platform.os }}
defaults:
run:
shell: ${{ matrix.platform.shell }}
steps:
- uses: actions/checkout@v3
- name: Setup git user
- name: Checkout
uses: actions/checkout@v3
- name: Setup Git User
run: |
git config --global user.email "npm-cli+bot@github.com"
git config --global user.name "npm CLI robot"
- uses: actions/setup-node@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
- name: Update to workable npm (windows)
- name: Update Windows npm
# node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows
if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.'))
run: |
@@ -74,15 +91,17 @@ jobs:
node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz
cd ..
rmdir /s /q package
- name: Update npm to 7
# If we do test on npm 10 it needs npm7
- name: Install npm@7
if: startsWith(matrix.node-version, '10.')
run: npm i --prefer-online --no-fund --no-audit -g npm@7
- name: Update npm to latest
- name: Install npm@latest
if: ${{ !startsWith(matrix.node-version, '10.') }}
run: npm i --prefer-online --no-fund --no-audit -g npm@latest
- run: npm -v
- name: add tap problem matcher
- name: npm Version
run: npm -v
- name: Install Dependencies
run: npm i --ignore-scripts --no-audit --no-fund
- name: Add Problem Matcher
run: echo "::add-matcher::.github/matchers/tap.json"
- run: npm i --ignore-scripts --no-audit --no-fund
- run: npm test --ignore-scripts
- name: Test
run: npm test --ignore-scripts -iwr
20 changes: 7 additions & 13 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,13 @@
# This file is automatically added by @npmcli/template-oss. Do not edit.

name: "CodeQL"
name: CodeQL

on:
push:
branches:
- main
- latest
pull_request:
# The branches below must be a subset of the branches above
branches:
- main
- latest
@@ -24,21 +23,16 @@ jobs:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ javascript ]

steps:
- uses: actions/checkout@v3
- name: Setup git user
- name: Checkout
uses: actions/checkout@v3
- name: Setup Git User
run: |
git config --global user.email "npm-cli+bot@github.com"
git config --global user.name "npm CLI robot"
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
languages: javascript
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
Loading