@npmcli/config 10.8.1 → 10.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -187,6 +187,36 @@ const definitions = {
|
|
|
187
187
|
`,
|
|
188
188
|
flatten,
|
|
189
189
|
}),
|
|
190
|
+
'allow-directory': new Definition('allow-directory', {
|
|
191
|
+
default: 'all',
|
|
192
|
+
type: ['all', 'none', 'root'],
|
|
193
|
+
description: `
|
|
194
|
+
Limits the ability for npm to install dependencies from directories.
|
|
195
|
+
That is, dependencies that point to a directory instead of a version or semver range.
|
|
196
|
+
Please note that this could leave your tree incomplete and some packages may not function as intended or designed.
|
|
197
|
+
Changing this setting will not remove dependencies that are already installed.
|
|
198
|
+
|
|
199
|
+
\`all\` allows any directories to be installed.
|
|
200
|
+
\`none\` prevents any directories from being installed.
|
|
201
|
+
\`root\` only allows directories defined in your project's package.json to be installed. Also allows directory dependencies to be used for other commands like \`npm view\`
|
|
202
|
+
`,
|
|
203
|
+
flatten,
|
|
204
|
+
}),
|
|
205
|
+
'allow-file': new Definition('allow-file', {
|
|
206
|
+
default: 'all',
|
|
207
|
+
type: ['all', 'none', 'root'],
|
|
208
|
+
description: `
|
|
209
|
+
Limits the ability for npm to install dependencies from tarball files.
|
|
210
|
+
That is, dependencies that point to a local tarball file instead of a version or semver range.
|
|
211
|
+
Please note that this could leave your tree incomplete and some packages may not function as intended or designed.
|
|
212
|
+
Changing this setting will not remove dependencies that are already installed.
|
|
213
|
+
|
|
214
|
+
\`all\` allows any tarball file to be installed.
|
|
215
|
+
\`none\` prevents any tarball file from being installed.
|
|
216
|
+
\`root\` only allows tarball files defined in your project's package.json to be installed. Also allows tarball file dependencies to be used for other commands like \`npm view\`
|
|
217
|
+
`,
|
|
218
|
+
flatten,
|
|
219
|
+
}),
|
|
190
220
|
'allow-git': new Definition('allow-git', {
|
|
191
221
|
default: 'all',
|
|
192
222
|
type: ['all', 'none', 'root'],
|
|
@@ -194,10 +224,26 @@ const definitions = {
|
|
|
194
224
|
Limits the ability for npm to fetch dependencies from git references.
|
|
195
225
|
That is, dependencies that point to a git repo instead of a version or semver range.
|
|
196
226
|
Please note that this could leave your tree incomplete and some packages may not function as intended or designed.
|
|
227
|
+
Changing this setting will not remove dependencies that are already installed.
|
|
197
228
|
|
|
198
229
|
\`all\` allows any git dependencies to be fetched and installed.
|
|
199
230
|
\`none\` prevents any git dependencies from being fetched and installed.
|
|
200
|
-
\`root\` only allows git dependencies defined in your project's package.json to be fetched installed. Also allows git dependencies to be fetched for other commands like \`npm view\`
|
|
231
|
+
\`root\` only allows git dependencies defined in your project's package.json to be fetched and installed. Also allows git dependencies to be fetched for other commands like \`npm view\`
|
|
232
|
+
`,
|
|
233
|
+
flatten,
|
|
234
|
+
}),
|
|
235
|
+
'allow-remote': new Definition('allow-remote', {
|
|
236
|
+
default: 'all',
|
|
237
|
+
type: ['all', 'none', 'root'],
|
|
238
|
+
description: `
|
|
239
|
+
Limits the ability for npm to fetch dependencies from urls.
|
|
240
|
+
That is, dependencies that point to a tarball url instead of a version or semver range.
|
|
241
|
+
Please note that this could leave your tree incomplete and some packages may not function as intended or designed.
|
|
242
|
+
Changing this setting will not remove dependencies that are already installed.
|
|
243
|
+
|
|
244
|
+
\`all\` allows any url to be installed.
|
|
245
|
+
\`none\` prevents any url from being installed.
|
|
246
|
+
\`root\` only allows urls defined in your project's package.json to be installed. Also allows url dependencies to be used for other commands like \`npm view\`
|
|
201
247
|
`,
|
|
202
248
|
flatten,
|
|
203
249
|
}),
|
|
@@ -246,7 +292,6 @@ const definitions = {
|
|
|
246
292
|
default: null,
|
|
247
293
|
hint: '<date>',
|
|
248
294
|
type: [null, Date],
|
|
249
|
-
exclusive: ['min-release-age'],
|
|
250
295
|
description: `
|
|
251
296
|
If passed to \`npm install\`, will rebuild the npm tree such that only
|
|
252
297
|
versions that were available **on or before** the given date are
|
|
@@ -257,6 +302,12 @@ const definitions = {
|
|
|
257
302
|
pass the \`--before\` filter, the most recent version less than or equal
|
|
258
303
|
to that tag will be used. For example, \`foo@latest\` might install
|
|
259
304
|
\`foo@1.2\` even though \`latest\` is \`2.0\`.
|
|
305
|
+
|
|
306
|
+
If \`before\` and \`min-release-age\` are both set in the same source,
|
|
307
|
+
\`before\` wins (an explicit absolute date overrides a relative window).
|
|
308
|
+
Across sources, the standard precedence applies (cli > env > project >
|
|
309
|
+
user > global), so a higher-priority source can always relax or
|
|
310
|
+
override a lower-priority one.
|
|
260
311
|
`,
|
|
261
312
|
flatten,
|
|
262
313
|
}),
|
|
@@ -1363,7 +1414,6 @@ const definitions = {
|
|
|
1363
1414
|
default: null,
|
|
1364
1415
|
hint: '<days>',
|
|
1365
1416
|
type: [null, Number],
|
|
1366
|
-
exclusive: ['before'],
|
|
1367
1417
|
envExport: false,
|
|
1368
1418
|
description: `
|
|
1369
1419
|
If set, npm will build the npm tree such that only versions that were
|
|
@@ -1372,13 +1422,18 @@ const definitions = {
|
|
|
1372
1422
|
command will error.
|
|
1373
1423
|
|
|
1374
1424
|
This flag is a complement to \`before\`, which accepts an exact date
|
|
1375
|
-
instead of a relative number of days.
|
|
1425
|
+
instead of a relative number of days. The two may coexist (e.g.
|
|
1426
|
+
\`min-release-age\` in your \`.npmrc\` is preserved when npm internally
|
|
1427
|
+
spawns a sub-process with \`--before\` while preparing a \`git:\` or
|
|
1428
|
+
\`github:\` dependency); when both apply, \`before\` wins within a
|
|
1429
|
+
single source and across sources the standard precedence rules apply.
|
|
1376
1430
|
`,
|
|
1377
1431
|
flatten: (key, obj, flatOptions) => {
|
|
1378
|
-
|
|
1379
|
-
|
|
1380
|
-
|
|
1381
|
-
|
|
1432
|
+
const age = obj['min-release-age']
|
|
1433
|
+
// `hasOwn` so a `before` inherited via ConfigData's prototype chain (lib/index.js) from a lower-priority source doesn't silently win.
|
|
1434
|
+
// The `: null` clear depends on `Config#flat` iterating sources low → high.
|
|
1435
|
+
if (age != null && !Object.hasOwn(obj, 'before')) {
|
|
1436
|
+
flatOptions.before = age ? new Date(Date.now() - (86400000 * age)) : null
|
|
1382
1437
|
}
|
|
1383
1438
|
},
|
|
1384
1439
|
}),
|