@bobfrankston/npmglobalize 1.0.167 → 1.0.169

package/lib/git.d.ts

@@ -51,10 +51,18 @@ export declare function parseVersionTag(tag: string): number[] | null;
 export declare function compareVersions(a: number[], b: number[]): number;
 /** Fix version/tag mismatches */
 export declare function fixVersionTagMismatch(cwd: string, pkg: any, verbose?: boolean): boolean;
-/** Wait for a package version to appear on the npm registry */
-export declare function waitForNpmVersion(pkgName: string, version: string, maxWaitMs?: number): boolean;
-/** Run npm install -g with retries for registry propagation delay */
-export declare function installGlobalWithRetry(pkgSpec: string, cwd: string, maxRetries?: number): {
+/** Wait for a package version to appear on the npm registry.
+ *  First-time publishes (brand-new package name) take much longer to
+ *  propagate than version bumps — npm has no cached metadata to update,
+ *  so the registry/CDN can take several minutes before the package is
+ *  resolvable. We wait longer and re-probe `npm view` for the version
+ *  string until it shows up (or we hit the cap). */
+export declare function waitForNpmVersion(pkgName: string, version: string, isNewPackage?: boolean, maxWaitMs?: number): boolean;
+/** Run npm install -g with retries for registry propagation delay.
+ *  Brand-new packages (first-time publish) take much longer to become
+ *  installable than version bumps, so we use longer waits and more
+ *  attempts when `isNewPackage` is true. */
+export declare function installGlobalWithRetry(pkgSpec: string, cwd: string, isNewPackage?: boolean, maxRetries?: number): {
     success: boolean;
     output: string;
     stderr: string;

package/lib/git.js

@@ -469,11 +469,24 @@ export function fixVersionTagMismatch(cwd, pkg, verbose = false) {
     return deletedAny;
 }
 // ── Group 5: npm install helpers (private) ──────────────────────────
-/** Wait for a package version to appear on the npm registry */
-export function waitForNpmVersion(pkgName, version, maxWaitMs = 90000) {
-    const interval = 3000;
-    const maxAttempts = Math.ceil(maxWaitMs / interval);
-    process.stdout.write(`Waiting for ${pkgName}@${version} on npm registry`);
+/** Reliable synchronous sleep — works regardless of stdio/TTY state.
+ *  (Windows `timeout /t` exits immediately when stdio is piped, which broke
+ *  the previous spawn-based sleep.) */
+function sleepSync(ms) {
+    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
+}
+/** Wait for a package version to appear on the npm registry.
+ *  First-time publishes (brand-new package name) take much longer to
+ *  propagate than version bumps — npm has no cached metadata to update,
+ *  so the registry/CDN can take several minutes before the package is
+ *  resolvable. We wait longer and re-probe `npm view` for the version
+ *  string until it shows up (or we hit the cap). */
+export function waitForNpmVersion(pkgName, version, isNewPackage = false, maxWaitMs) {
+    const effectiveMaxWait = maxWaitMs ?? (isNewPackage ? 600000 : 180000);
+    const interval = isNewPackage ? 5000 : 3000;
+    const maxAttempts = Math.ceil(effectiveMaxWait / interval);
+    const suffix = isNewPackage ? ' (new package, may take several minutes)' : '';
+    process.stdout.write(`Waiting for ${pkgName}@${version} on npm registry${suffix}`);
     for (let i = 0; i < maxAttempts; i++) {
         const result = spawnSafe('npm', ['view', `${pkgName}@${version}`, 'version'], {
             shell: process.platform === 'win32',
@@ -485,17 +498,22 @@ export function waitForNpmVersion(pkgName, version, maxWaitMs = 90000) {
             return true;
         }
         process.stdout.write('.');
-        spawnSafe(process.platform === 'win32' ? 'timeout' : 'sleep', process.platform === 'win32' ? ['/t', '3', '/nobreak'] : ['3'], { stdio: 'pipe', shell: process.platform === 'win32' });
+        sleepSync(interval);
     }
     process.stdout.write(' timed out\n');
     return false;
 }
-/** Run npm install -g with retries for registry propagation delay */
-export function installGlobalWithRetry(pkgSpec, cwd, maxRetries = 3) {
+/** Run npm install -g with retries for registry propagation delay.
+ *  Brand-new packages (first-time publish) take much longer to become
+ *  installable than version bumps, so we use longer waits and more
+ *  attempts when `isNewPackage` is true. */
+export function installGlobalWithRetry(pkgSpec, cwd, isNewPackage = false, maxRetries) {
+    const retries = maxRetries ?? (isNewPackage ? 6 : 3);
+    const delaySec = isNewPackage ? 30 : 10;
     let result = runCommand('npm', ['install', '-g', pkgSpec], { cwd, silent: false, showCommand: true });
-    for (let attempt = 1; attempt < maxRetries && !result.success; attempt++) {
-        console.log(colors.yellow(`  Retrying install (attempt ${attempt + 1}/${maxRetries}) in 10 seconds...`));
-        spawnSafe(process.platform === 'win32' ? 'timeout' : 'sleep', process.platform === 'win32' ? ['/t', '10', '/nobreak'] : ['10'], { stdio: 'pipe', shell: process.platform === 'win32' });
+    for (let attempt = 1; attempt < retries && !result.success; attempt++) {
+        console.log(colors.yellow(`  Retrying install (attempt ${attempt + 1}/${retries}) in ${delaySec} seconds...`));
+        sleepSync(delaySec * 1000);
         result = runCommand('npm', ['install', '-g', pkgSpec], { cwd, silent: false, showCommand: true });
     }
     return result;

package/lib.js

@@ -1365,11 +1365,24 @@ export function fixVersionTagMismatch(cwd, pkg, verbose = false) {
     }
     return deletedAny;
 }
-/** Wait for a package version to appear on the npm registry */
-function waitForNpmVersion(pkgName, version, maxWaitMs = 90000) {
-    const interval = 3000;
-    const maxAttempts = Math.ceil(maxWaitMs / interval);
-    process.stdout.write(`${timestamp()} Waiting for ${pkgName}@${version} on npm registry`);
+/** Reliable synchronous sleep — works regardless of stdio/TTY state.
+ *  (Windows `timeout /t` exits immediately when stdio is piped, which broke
+ *  the previous spawn-based sleep.) */
+function sleepSync(ms) {
+    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
+}
+/** Wait for a package version to appear on the npm registry.
+ *  First-time publishes (brand-new package name) take much longer to
+ *  propagate than version bumps — npm has no cached metadata to update,
+ *  so the registry/CDN can take several minutes before the package is
+ *  resolvable. We wait longer and re-probe `npm view` for the version
+ *  string until it shows up (or we hit the cap). */
+function waitForNpmVersion(pkgName, version, isNewPackage = false, maxWaitMs) {
+    const effectiveMaxWait = maxWaitMs ?? (isNewPackage ? 600000 : 180000);
+    const interval = isNewPackage ? 5000 : 3000;
+    const maxAttempts = Math.ceil(effectiveMaxWait / interval);
+    const suffix = isNewPackage ? ' (new package, may take several minutes)' : '';
+    process.stdout.write(`${timestamp()} Waiting for ${pkgName}@${version} on npm registry${suffix}`);
     for (let i = 0; i < maxAttempts; i++) {
         const result = spawnSafe('npm', ['view', `${pkgName}@${version}`, 'version'], {
             shell: process.platform === 'win32',
@@ -1381,7 +1394,7 @@ function waitForNpmVersion(pkgName, version, maxWaitMs = 90000) {
             return true;
         }
         process.stdout.write('.');
-        spawnSafe(process.platform === 'win32' ? 'timeout' : 'sleep', process.platform === 'win32' ? ['/t', '3', '/nobreak'] : ['3'], { stdio: 'pipe', shell: process.platform === 'win32' });
+        sleepSync(interval);
     }
     process.stdout.write(' timed out\n');
     return false;
@@ -1687,12 +1700,17 @@ export function ensureWorkspaceDepModules(rootDir, members, verbose = false) {
             console.error(colors.dim(r.stderr.split('\n').slice(0, 5).join('\n')));
     }
 }
-/** Run npm install -g with retries for registry propagation delay */
-function installGlobalWithRetry(pkgSpec, cwd, maxRetries = 3) {
+/** Run npm install -g with retries for registry propagation delay.
+ *  Brand-new packages (first-time publish) take much longer to become
+ *  installable than version bumps, so we use longer waits and more
+ *  attempts when `isNewPackage` is true. */
+function installGlobalWithRetry(pkgSpec, cwd, isNewPackage = false, maxRetries) {
+    const retries = maxRetries ?? (isNewPackage ? 6 : 3);
+    const delaySec = isNewPackage ? 30 : 10;
     let result = runCommand('npm', ['install', '-g', pkgSpec], { cwd, silent: false, showCommand: true });
-    for (let attempt = 1; attempt < maxRetries && !result.success; attempt++) {
-        console.log(colors.yellow(`  Retrying install (attempt ${attempt + 1}/${maxRetries}) in 10 seconds...`));
-        spawnSafe(process.platform === 'win32' ? 'timeout' : 'sleep', process.platform === 'win32' ? ['/t', '10', '/nobreak'] : ['10'], { stdio: 'pipe', shell: process.platform === 'win32' });
+    for (let attempt = 1; attempt < retries && !result.success; attempt++) {
+        console.log(colors.yellow(`  Retrying install (attempt ${attempt + 1}/${retries}) in ${delaySec} seconds...`));
+        sleepSync(delaySec * 1000);
         result = runCommand('npm', ['install', '-g', pkgSpec], { cwd, silent: false, showCommand: true });
     }
     return result;
@@ -2024,9 +2042,18 @@ export function getGitStatus(cwd) {
         remoteBranch: '',
         isBehindRemote: false
     };
-    // Check if git repo
-    const gitDir = path.join(cwd, '.git');
-    if (!fs.existsSync(gitDir)) {
+    // Check if git repo — walk up the directory tree to find the enclosing
+    // .git, like git itself does. Previously this only looked for `.git/` at
+    // cwd, which broke for any subdir inside a repo (e.g., a workspace
+    // member that lives inside a parent monorepo's git tree).
+    let gitDir;
+    try {
+        const result = execSync('git rev-parse --git-dir', { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'ignore'] }).trim();
+        if (!result)
+            return status;
+        gitDir = path.isAbsolute(result) ? result : path.resolve(cwd, result);
+    }
+    catch {
         return status;
     }
     status.isRepo = true;
@@ -3039,25 +3066,6 @@ export function getToolVersion() {
         return 'unknown';
     }
 }
-/** Offer to add a bin field if missing — returns true if bin was added, false to skip/abort */
-async function offerAddBin(cwd, pkg) {
-    if (pkg.bin)
-        return true;
-    // Determine likely entry point
-    const mainFile = pkg.main || 'index.js';
-    const cmdName = (pkg.name || path.basename(cwd)).replace(/^@[^/]+\//, '');
-    console.log(colors.yellow('No bin field — this is a library, not a CLI tool.'));
-    console.log(colors.yellow('Libraries should not be installed globally. Use npm install <name> in projects instead.'));
-    const choice = await promptChoice(`Add bin field to make it a CLI tool?\n  1) Yes, use "${cmdName}" → "${mainFile}"\n  2) Skip global install (default)\nChoice:`, ['1', '2', '']);
-    if (choice === '1') {
-        pkg.bin = { [cmdName]: mainFile };
-        writePackageJson(cwd, pkg);
-        console.log(colors.green(`✓ Added bin: { "${cmdName}": "${mainFile}" }`));
-        return true;
-    }
-    // choice is '2' or '' (default) — skip
-    return false;
-}
 /** Perform local-only install (npm install -g .) — extracted for reuse from git-init prompts */
 async function doLocalInstall(cwd, options) {
     const { dryRun = false, wsl = false } = options;
@@ -3067,12 +3075,8 @@ async function doLocalInstall(cwd, options) {
     console.log(colors.blue(`Local install: ${pkgName}@${pkgVersion}`));
     console.log(colors.dim('Skipping transform/publish — installing with file: deps as-is'));
     if (!pkg.bin) {
-        const proceed = await offerAddBin(cwd, pkg);
-        if (!proceed) {
-            console.log(colors.yellow('Skipping global install — library packages should not be installed globally.'));
-            console.log(colors.yellow(`To use in projects: npm install ${pkgName}`));
-            return true;
-        }
+        console.log(colors.dim(`  (library — skipping global install)`));
+        return true;
     }
     if (dryRun) {
         console.log('  [dry-run] Would run: npm install -g .');
@@ -3175,7 +3179,10 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
         }
     }
     console.log('');
-    // -local: skip all transform/publish, just install from local directory with file: deps intact
+    // -local: skip all transform/publish, just install from local directory with file: deps intact.
+    // -local is testing-only and must NOT mutate package.json — packages are meant to be installed
+    // as published public packages by end users; the bin field is whatever the published shape is.
+    // Library members (no bin) are silently skipped: nothing for global install to expose.
     if (local) {
         const pkg = readPackageJson(cwd);
         const pkgName = pkg.name || path.basename(cwd);
@@ -3183,12 +3190,8 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
         console.log(colors.blue(`Local install: ${pkgName}@${pkgVersion}`));
         console.log(colors.dim('Skipping transform/publish — installing with file: deps as-is'));
         if (!pkg.bin) {
-            const proceed = await offerAddBin(cwd, pkg);
-            if (!proceed) {
-                console.log(colors.yellow('Skipping global install — library packages should not be installed globally.'));
-                console.log(colors.yellow(`To use in projects: npm install ${pkgName}`));
-                return true;
-            }
+            console.log(colors.dim(`  (library — skipping global install)`));
+            return true;
         }
         if (dryRun) {
             console.log('  [dry-run] Would run: npm install -g .');
@@ -3633,6 +3636,10 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
     }
     // Check npm visibility and current publication status
     let currentAccess = checkNpmAccess(pkg.name);
+    // Track whether this name is brand-new on npm so post-publish waits use
+    // longer timeouts — first-time publishes propagate slowly through the
+    // registry/CDN even after `npm publish` reports success.
+    const wasNewPackage = !currentAccess;
     let isScoped = pkg.name.startsWith('@');
     // Check if public intent was explicitly declared anywhere:
     // CLI (--npm public), config file (.globalize.json5), or package.json publishConfig
@@ -4279,11 +4286,7 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
                 const pkgName = pkg.name;
                 const pkgVersion = pkg.version;
                 if (!pkg.bin && (install || link || wsl)) {
-                    const proceed = await offerAddBin(cwd, pkg);
-                    if (!proceed) {
-                        console.log(colors.yellow('Skipping global install — library packages should not be installed globally.'));
-                        console.log(colors.yellow(`To use in projects: npm install ${pkgName}`));
-                    }
+                    console.log(colors.dim(`  ${pkgName}: library — skipping global install`));
                 }
                 if (pkg.bin && (install || link || wsl)) {
                     if (link) {
@@ -5079,11 +5082,7 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
     let globalInstallOk = false;
     let wslInstallOk = false;
     if (!updatedPkg.bin && (install || link || wsl)) {
-        const proceed = await offerAddBin(cwd, updatedPkg);
-        if (!proceed) {
-            console.log(colors.yellow('Skipping global install — library packages should not be installed globally.'));
-            console.log(colors.yellow(`To use in projects: npm install ${pkgName}`));
-        }
+        console.log(colors.dim(`  ${pkgName}: library — skipping global install`));
     }
     if (updatedPkg.bin && (install || link || wsl)) {
         if (link) {
@@ -5127,8 +5126,8 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
             else {
                 console.log(`${timestamp()} Installing globally from registry: ${pkgName}@${pkgVersion}...`);
                 if (!dryRun) {
-                    waitForNpmVersion(pkgName, pkgVersion);
-                    const installResult = installGlobalWithRetry(`${pkgName}@${pkgVersion}`, cwd);
+                    waitForNpmVersion(pkgName, pkgVersion, wasNewPackage);
+                    const installResult = installGlobalWithRetry(`${pkgName}@${pkgVersion}`, cwd, wasNewPackage);
                     if (installResult.success) {
                         globalInstallOk = true;
                         console.log(colors.green(`✓ Installed globally: ${pkgName}@${pkgVersion}`));
@@ -5157,7 +5156,7 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
             const useLocalWsl = link || !!updatedPkg.workspaces;
             const wslArgs = useLocalWsl ? ['npm', 'install', '-g', '.'] : ['npm', 'install', '-g', `${pkgName}@${pkgVersion}`];
             if (!useLocalWsl)
-                waitForNpmVersion(pkgName, pkgVersion);
+                waitForNpmVersion(pkgName, pkgVersion, wasNewPackage);
             console.log(`Installing in WSL${useLocalWsl ? ' (local)' : ' from registry'}: ${pkgName}@${pkgVersion}...`);
             if (!dryRun) {
                 const wslResult = installInWsl(wslArgs, { cwd });
@@ -5289,6 +5288,26 @@ export async function globalizeWorkspace(rootDir, options = {}, configOptions =
     console.log(`Packages (${packages.length}): ${packages.map(p => p.name).join(', ')}`);
     console.log(`Publish order: ${publishOrder.join(' → ')}`);
     console.log('');
+    // Warn if -local / -install are present at the workspace root: those are
+    // component-level concerns. In workspace mode they only act on members
+    // that have a `bin` field; libraries are silently skipped. Telling the
+    // user up front avoids the surprise of "I asked for install but most
+    // packages didn't install."
+    const installSources = [];
+    if (options.local || configOptions.local) {
+        const src = configOptions.local && !options.local ? '.globalize.json5' : 'CLI';
+        installSources.push(`-local (${src})`);
+    }
+    if (options.install || configOptions.install) {
+        const src = configOptions.install && !options.install ? '.globalize.json5' : 'CLI';
+        installSources.push(`-install (${src})`);
+    }
+    if (installSources.length > 0) {
+        console.log(colors.yellow(`!  ${installSources.join(', ')} at workspace root — these are component-level flags.`));
+        console.log(colors.yellow(`   Only members with a \`bin\` field will install globally; libraries are skipped.`));
+        console.log(colors.yellow(`   For per-component control, run npmglobalize inside the component directory.`));
+        console.log('');
+    }
     const rootPkg = readPackageJson(rootDir);
     // Handle --cleanup: restore deps for all packages and return
     if (options.cleanup) {
@@ -5432,13 +5451,14 @@ export async function globalizeWorkspace(rootDir, options = {}, configOptions =
                     }
                 }
             }
+            const relPath = path.relative(rootDir, pkgInfo.dir).split(path.sep).join('/') || '.';
             if (reason) {
                 flaggedForWork.add(pkgName);
-                console.log(`  ${colors.yellow('⟳')} ${pkgName}  — ${reason}`);
+                console.log(`  ${colors.yellow('⟳')} ${pkgName}  — ${reason}  ${colors.dim(relPath)}`);
             }
             else {
                 skipReasons.set(pkgName, 'clean, published, build fresh');
-                console.log(`  ${colors.green('✓')} ${pkgName}  — skip (clean, published, build fresh)`);
+                console.log(`  ${colors.green('✓')} ${pkgName}  — skip (clean, published, build fresh)  ${colors.dim(relPath)}`);
             }
         }
         console.log('');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/npmglobalize",
-  "version": "1.0.167",
+  "version": "1.0.169",
   "description": "Transform file: dependencies to npm versions for publishing",
   "main": "index.js",
   "type": "module",