@pnpm/releasing.commands 1000.0.0 → 1100.0.1

package/lib/deploy/deploy.d.ts

@@ -6,6 +6,7 @@ export declare const shorthands: {
 export declare function rcOptionsTypes(): Record<string, unknown>;
 export declare function cliOptionsTypes(): Record<string, unknown>;
 export declare const commandNames: string[];
+export declare const overridableByScript = true;
 export declare function help(): string;
 export type DeployOptions = Omit<install.InstallCommandOptions, 'useLockfile'> & Pick<Config, 'allowBuilds' | 'forceLegacyDeploy'>;
 export declare function handler(opts: DeployOptions, params: string[]): Promise<void>;

package/lib/deploy/deploy.js

@@ -36,6 +36,7 @@ export function cliOptionsTypes() {
     };
 }
 export const commandNames = ['deploy'];
+export const overridableByScript = true;
 export function help() {
     return renderHelp({
         description: 'Experimental! Deploy a package from a workspace',
@@ -172,11 +173,6 @@ export async function handler(opts, params) {
         saveLockfile: false,
         virtualStoreDir: path.join(deployDir, 'node_modules/.pnpm'),
         modulesDir: path.relative(opts.workspaceDir, path.join(deployDir, 'node_modules')),
-        rawLocalConfig: {
-            ...opts.rawLocalConfig,
-            // This is a workaround to prevent frozen install in CI envs.
-            'frozen-lockfile': false,
-        },
         includeOnlyPackageFiles,
     });
 }
@@ -252,10 +248,6 @@ async function deployFromSharedLockfile(opts, selectedProject, deployDir) {
                 ],
                 calculatePnpmfileChecksum: undefined, // the effects of the pnpmfile should already be part of the package snapshots
             },
-            rawLocalConfig: {
-                ...opts.rawLocalConfig,
-                'frozen-lockfile': true,
-            },
         });
     }
     catch (error) {

package/lib/index.d.ts

@@ -1,2 +1,3 @@
 export { deploy } from './deploy/index.js';
 export { pack, publish } from './publish/index.js';
+export { version } from './version/index.js';

package/lib/index.js

@@ -1,3 +1,4 @@
 export { deploy } from './deploy/index.js';
 export { pack, publish } from './publish/index.js';
+export { version } from './version/index.js';
 //# sourceMappingURL=index.js.map

package/lib/publish/executeTokenHelper.js

@@ -9,6 +9,9 @@ export function executeTokenHelper([cmd, ...args], opts) {
             opts.globalWarn(`(tokenHelper stderr) ${line}`);
         }
     }
-    return (execResult.stdout?.toString() ?? '').trim();
+    const token = (execResult.stdout?.toString() ?? '').trim();
+    // If the token helper output includes an auth scheme prefix (e.g. "Bearer ..."),
+    // strip it since libnpmpublish adds the scheme itself.
+    return token.replace(/^Bearer\s+/i, '');
 }
 //# sourceMappingURL=executeTokenHelper.js.map

package/lib/publish/oidc/authToken.js

@@ -1,4 +1,5 @@
 import { PnpmError } from '@pnpm/error';
+import npa from '@pnpm/npm-package-arg';
 import { displayError } from '../displayError.js';
 import { SHARED_CONTEXT } from '../utils/shared-context.js';
 /**
@@ -12,10 +13,9 @@ import { SHARED_CONTEXT } from '../utils/shared-context.js';
  * @see https://github.com/yarnpkg/berry/blob/bafbef55/packages/plugin-npm/sources/npmHttpUtils.ts#L626-L641 for yarn's implementation.
  */
 export async function fetchAuthToken({ context: { fetch, } = SHARED_CONTEXT, options, idToken, packageName, registry, }) {
-    const escapedPackageName = encodeURIComponent(packageName);
     let response;
     try {
-        response = await fetch(new URL(`/-/npm/v1/oidc/token/exchange/package/${escapedPackageName}`, registry).href, {
+        response = await fetch(new URL(`/-/npm/v1/oidc/token/exchange/package/${npa(packageName).escapedName}`, registry).href, {
             body: '',
             headers: {
                 Accept: 'application/json',

package/lib/publish/oidc/provenance.js

@@ -1,4 +1,5 @@
 import { PnpmError } from '@pnpm/error';
+import npa from '@pnpm/npm-package-arg';
 import { SHARED_CONTEXT } from '../utils/shared-context.js';
 /**
  * Determine `provenance` for a package from the CI context and the visibility of the package.
@@ -18,8 +19,7 @@ export async function determineProvenance({ authToken, idToken, options, package
         (!GITLAB || payload.project_visibility !== 'public' || !env?.SIGSTORE_ID_TOKEN)) {
         throw new ProvenanceInsufficientInformationError();
     }
-    const escapedPackageName = encodeURIComponent(packageName);
-    const visibilityUrl = new URL(`/-/package/${escapedPackageName}/visibility`, registry);
+    const visibilityUrl = new URL(`/-/package/${npa(packageName).escapedName}/visibility`, registry);
     const response = await fetch(visibilityUrl, {
         headers: {
             Accept: 'application/json',

package/lib/publish/otp.d.ts

@@ -1,57 +1,14 @@
-import { PnpmError } from '@pnpm/error';
+import { type OtpContext as BaseOtpContext } from '@pnpm/network.web-auth';
 import type { ExportedManifest } from '@pnpm/releasing.exportable-manifest';
 import type { PublishOptions } from 'libnpmpublish';
-import { SHARED_CONTEXT } from './utils/shared-context.js';
-export interface OtpWebAuthFetchOptions {
-    method: 'GET';
-    retry?: {
-        factor?: number;
-        maxTimeout?: number;
-        minTimeout?: number;
-        randomize?: boolean;
-        retries?: number;
-    };
-    timeout?: number;
-}
-export interface OtpWebAuthFetchResponseHeaders {
-    get: (this: this, name: 'retry-after') => string | null;
-}
-export interface OtpWebAuthFetchResponse {
-    readonly headers: OtpWebAuthFetchResponseHeaders;
-    readonly json: (this: this) => Promise<unknown>;
-    readonly ok: boolean;
-    readonly status: number;
-}
 export interface OtpPublishResponse {
     readonly ok: boolean;
     readonly status: number;
     readonly statusText: string;
     readonly text: () => Promise<string>;
 }
-export interface OtpEnquirer {
-    prompt: (this: this, options: OtpEnquirerOptions) => Promise<OtpEnquirerResponse | undefined>;
-}
-export interface OtpEnquirerOptions {
-    message: string;
-    name: 'otp';
-    type: 'input';
-}
-export interface OtpEnquirerResponse {
-    otp?: string;
-}
 export type OtpPublishFn = (manifest: ExportedManifest, tarballData: Buffer, options: PublishOptions) => Promise<OtpPublishResponse>;
-export interface OtpDate {
-    now: () => number;
-}
-export interface OtpContext {
-    Date: OtpDate;
-    setTimeout: (cb: () => void, ms: number) => void;
-    enquirer: OtpEnquirer;
-    fetch: (url: string, options: OtpWebAuthFetchOptions) => Promise<OtpWebAuthFetchResponse>;
-    globalInfo: (message: string) => void;
-    process: Record<'stdin' | 'stdout', {
-        isTTY?: boolean;
-    }>;
+export interface OtpContext extends BaseOtpContext {
     publish: OtpPublishFn;
 }
 export interface OtpParams {
@@ -60,30 +17,12 @@ export interface OtpParams {
     publishOptions: PublishOptions;
     tarballData: Buffer;
 }
-export { SHARED_CONTEXT };
 /**
  * Publish a package, handling OTP challenges:
  * - Web based authentication flow (authUrl/doneUrl in error body with doneUrl polling)
  * - Classic OTP prompt (manual code entry)
  *
- * @throws {@link OtpWebAuthTimeoutError} if the webauth browser flow times out.
- * @throws {@link OtpNonInteractiveError} if OTP is required but the terminal is not interactive.
- * @throws {@link OtpSecondChallengeError} if the registry requests OTP a second time after one was submitted.
- * @throws the original error if OTP handling is not applicable.
- *
  * @see https://github.com/npm/cli/blob/7d900c46/lib/utils/otplease.js for npm's implementation.
  * @see https://github.com/npm/npm-profile/blob/main/lib/index.js for the webauth polling flow.
  */
-export declare function publishWithOtpHandling({ context: { Date, setTimeout, enquirer, fetch, globalInfo, process, publish }, manifest, publishOptions, tarballData }: OtpParams): Promise<OtpPublishResponse>;
-export declare class OtpWebAuthTimeoutError extends PnpmError {
-    readonly endTime: number;
-    readonly startTime: number;
-    readonly timeout: number;
-    constructor(endTime: number, startTime: number, timeout: number);
-}
-export declare class OtpNonInteractiveError extends PnpmError {
-    constructor();
-}
-export declare class OtpSecondChallengeError extends PnpmError {
-    constructor();
-}
+export declare function publishWithOtpHandling({ context, manifest, publishOptions, tarballData }: OtpParams): Promise<OtpPublishResponse>;

package/lib/publish/otp.js

@@ -1,165 +1,33 @@
-import { PnpmError } from '@pnpm/error';
-import qrcodeTerminal from 'qrcode-terminal';
+import { withOtpHandling, } from '@pnpm/network.web-auth';
 import { SHARED_CONTEXT } from './utils/shared-context.js';
-export { SHARED_CONTEXT };
-const isOtpError = (error) => error != null &&
-    typeof error === 'object' &&
-    'code' in error &&
-    error.code === 'EOTP';
 /**
  * Publish a package, handling OTP challenges:
  * - Web based authentication flow (authUrl/doneUrl in error body with doneUrl polling)
  * - Classic OTP prompt (manual code entry)
  *
- * @throws {@link OtpWebAuthTimeoutError} if the webauth browser flow times out.
- * @throws {@link OtpNonInteractiveError} if OTP is required but the terminal is not interactive.
- * @throws {@link OtpSecondChallengeError} if the registry requests OTP a second time after one was submitted.
- * @throws the original error if OTP handling is not applicable.
- *
  * @see https://github.com/npm/cli/blob/7d900c46/lib/utils/otplease.js for npm's implementation.
  * @see https://github.com/npm/npm-profile/blob/main/lib/index.js for the webauth polling flow.
  */
-export async function publishWithOtpHandling({ context: { Date, setTimeout, enquirer, fetch, globalInfo, process, publish, } = SHARED_CONTEXT, manifest, publishOptions, tarballData, }) {
-    let response;
-    try {
-        response = await publish(manifest, tarballData, publishOptions);
-    }
-    catch (error) {
-        if (!isOtpError(error))
-            throw error;
-        if (!process.stdin.isTTY || !process.stdout.isTTY) {
-            throw new OtpNonInteractiveError();
-        }
-        const fetchOptions = {
-            method: 'GET',
-            retry: {
-                factor: publishOptions.fetchRetryFactor,
-                maxTimeout: publishOptions.fetchRetryMaxtimeout,
-                minTimeout: publishOptions.fetchRetryMintimeout,
-                retries: publishOptions.fetchRetries,
-            },
-            timeout: publishOptions.timeout,
-        };
-        let otp;
-        if (error.body?.authUrl && error.body?.doneUrl) {
-            otp = await webAuthOtp(error.body.authUrl, error.body.doneUrl, { Date, setTimeout, fetch, globalInfo }, fetchOptions);
-        }
-        else {
-            const enquirerResponse = await enquirer.prompt({
-                message: 'This operation requires a one-time password.\nEnter OTP:',
-                name: 'otp',
-                type: 'input',
-            });
-            // Use || (not ??) so that empty-string input is treated as "no OTP provided"
-            otp = enquirerResponse?.otp || undefined;
-        }
-        if (otp != null) {
-            try {
-                return await publish(manifest, tarballData, { ...publishOptions, otp });
-            }
-            catch (retryError) {
-                if (isOtpError(retryError)) {
-                    throw new OtpSecondChallengeError();
-                }
-                throw retryError;
-            }
-        }
-        throw error;
-    }
-    return response;
-}
-async function webAuthOtp(authUrl, doneUrl, { Date, setTimeout, fetch, globalInfo }, fetchOptions) {
-    const qrCode = generateQrCode(authUrl);
-    globalInfo(`Authenticate your account at:\n${authUrl}\n\n${qrCode}`);
-    const startTime = Date.now();
-    const timeout = 5 * 60 * 1000; // 5 minutes
-    const pollIntervalMs = 1000;
-    while (true) {
-        const now = Date.now();
-        if (now - startTime > timeout) {
-            throw new OtpWebAuthTimeoutError(now, startTime, timeout);
-        }
-        // eslint-disable-next-line no-await-in-loop
-        await new Promise(resolve => setTimeout(resolve, pollIntervalMs));
-        let response;
-        try {
-            // eslint-disable-next-line no-await-in-loop
-            response = await fetch(doneUrl, fetchOptions);
-        }
-        catch {
-            continue;
-        }
-        if (!response.ok)
-            continue;
-        if (response.status === 202) {
-            // Registry is still waiting for authentication.
-            // Respect Retry-After header if present by waiting the additional time
-            // beyond the default poll interval already elapsed above, but do not
-            // exceed the overall timeout.
-            const retryAfterSeconds = Number(response.headers.get('retry-after'));
-            if (Number.isFinite(retryAfterSeconds)) {
-                const additionalMs = retryAfterSeconds * 1000 - pollIntervalMs;
-                if (additionalMs > 0) {
-                    const nowAfterPoll = Date.now();
-                    const remainingMs = timeout - (nowAfterPoll - startTime);
-                    if (remainingMs <= 0) {
-                        throw new OtpWebAuthTimeoutError(nowAfterPoll, startTime, timeout);
-                    }
-                    const sleepMs = Math.min(additionalMs, remainingMs);
-                    // eslint-disable-next-line no-await-in-loop
-                    await new Promise(resolve => setTimeout(resolve, sleepMs));
-                }
-            }
-            continue;
-        }
-        let body;
-        try {
-            // eslint-disable-next-line no-await-in-loop
-            body = await response.json();
-        }
-        catch {
-            continue;
-        }
-        if (body.token) {
-            return body.token;
-        }
-    }
-}
-function generateQrCode(text) {
-    let qrCode;
-    qrcodeTerminal.generate(text, { small: true }, (code) => {
-        qrCode = code;
+export async function publishWithOtpHandling({ context = SHARED_CONTEXT, manifest, publishOptions, tarballData, }) {
+    const { publish } = context;
+    const fetchOptions = {
+        method: 'GET',
+        retry: {
+            factor: publishOptions.fetchRetryFactor,
+            maxTimeout: publishOptions.fetchRetryMaxtimeout,
+            minTimeout: publishOptions.fetchRetryMintimeout,
+            retries: publishOptions.fetchRetries,
+        },
+        timeout: publishOptions.timeout,
+    };
+    return withOtpHandling({
+        context,
+        fetchOptions,
+        // When otp is undefined (first attempt), { ...publishOptions, otp } adds
+        // otp: undefined to the options. This is safe because libnpmpublish treats
+        // undefined the same as absent (unlike HTTP headers, where undefined gets
+        // coerced to the string "undefined").
+        operation: otp => publish(manifest, tarballData, { ...publishOptions, otp }),
     });
-    if (qrCode != null)
-        return qrCode;
-    /* istanbul ignore next */
-    throw new Error('we were expecting qrcode-terminal to be fully synchronous, but it fails to execute the callback');
-}
-export class OtpWebAuthTimeoutError extends PnpmError {
-    endTime;
-    startTime;
-    timeout;
-    constructor(endTime, startTime, timeout) {
-        super('WEBAUTH_TIMEOUT', 'Web-based authentication timed out before it could be completed', {
-            hint: 'Re-run this command and complete the authentication step in your browser before the time limit is reached',
-        });
-        this.endTime = endTime;
-        this.startTime = startTime;
-        this.timeout = timeout;
-    }
-}
-export class OtpNonInteractiveError extends PnpmError {
-    constructor() {
-        super('OTP_NON_INTERACTIVE', 'The registry requires additional authentication, but pnpm is not running in an interactive terminal', {
-            hint: 'Re-run this command in an interactive terminal to complete authentication, or provide the --otp option if you are using a classic one-time password (OTP)',
-        });
-    }
-}
-export class OtpSecondChallengeError extends PnpmError {
-    constructor() {
-        super('OTP_SECOND_CHALLENGE', 'The registry requested a one-time password (OTP) a second time after one was already provided', {
-            hint: 'This is unexpected behavior from the registry. Try the command again later and, if the issue persists, verify that your registry supports OTP-based authentication or contact the registry administrator.',
-        });
-    }
 }
 //# sourceMappingURL=otp.js.map

package/lib/publish/pack.d.ts

@@ -1,10 +1,10 @@
-import { type Config, type UniversalOptions } from '@pnpm/config.reader';
+import { type Config, type ConfigContext, type UniversalOptions } from '@pnpm/config.reader';
 import { type ExportedManifest } from '@pnpm/releasing.exportable-manifest';
 export declare function rcOptionsTypes(): Record<string, unknown>;
 export declare function cliOptionsTypes(): Record<string, unknown>;
 export declare const commandNames: string[];
 export declare function help(): string;
-export type PackOptions = Pick<UniversalOptions, 'dir'> & Pick<Config, 'catalogs' | 'ignoreScripts' | 'rawConfig' | 'embedReadme' | 'packGzipLevel' | 'nodeLinker'> & Partial<Pick<Config, 'extraBinPaths' | 'extraEnv' | 'hooks' | 'recursive' | 'selectedProjectsGraph' | 'workspaceConcurrency' | 'workspaceDir'>> & {
+export type PackOptions = Pick<UniversalOptions, 'dir'> & Pick<Config, 'catalogs' | 'ignoreScripts' | 'embedReadme' | 'packGzipLevel' | 'nodeLinker' | 'userAgent'> & Partial<Pick<Config, 'extraBinPaths' | 'extraEnv' | 'recursive' | 'workspaceConcurrency' | 'workspaceDir'>> & Partial<Pick<ConfigContext, 'hooks' | 'selectedProjectsGraph'>> & {
     argv: {
         original: string[];
     };

package/lib/publish/pack.js

@@ -145,10 +145,10 @@ export async function api(opts) {
         extraBinPaths: opts.extraBinPaths,
         extraEnv: opts.extraEnv,
         pkgRoot: opts.dir,
-        rawConfig: opts.rawConfig,
         rootModulesDir: await realpathMissing(path.join(opts.dir, 'node_modules')),
         stdio: 'inherit',
         unsafePerm: true, // when running scripts explicitly, assume that they're trusted.
+        userAgent: opts.userAgent,
     });
     if (!opts.ignoreScripts) {
         await _runScriptsIfPresent([

package/lib/publish/publish.d.ts

@@ -1,4 +1,4 @@
-import { type Config } from '@pnpm/config.reader';
+import { type Config, type ConfigContext } from '@pnpm/config.reader';
 import { type RunLifecycleHookOptions } from '@pnpm/exec.lifecycle';
 import type { ProjectManifest } from '@pnpm/types';
 import { type PublishRecursiveOpts } from './recursivePublish.js';
@@ -13,7 +13,7 @@ export declare function handler(opts: Omit<PublishRecursiveOpts, 'workspaceDir'>
     engineStrict?: boolean;
     recursive?: boolean;
     workspaceDir?: string;
-} & Pick<Config, 'allProjects' | 'bin' | 'gitChecks' | 'ignoreScripts' | 'pnpmHomeDir' | 'publishBranch' | 'embedReadme'>, params: string[]): Promise<{
+} & Pick<Config, 'bin' | 'gitChecks' | 'ignoreScripts' | 'pnpmHomeDir' | 'publishBranch' | 'embedReadme'> & Pick<ConfigContext, 'allProjects'>, params: string[]): Promise<{
     exitCode?: number;
 } | undefined>;
 export interface PublishResult {
@@ -27,5 +27,5 @@ export declare function publish(opts: Omit<PublishRecursiveOpts, 'workspaceDir'>
     engineStrict?: boolean;
     recursive?: boolean;
     workspaceDir?: string;
-} & Pick<Config, 'allProjects' | 'bin' | 'gitChecks' | 'ignoreScripts' | 'pnpmHomeDir' | 'publishBranch' | 'embedReadme' | 'packGzipLevel'>, params: string[]): Promise<PublishResult>;
+} & Pick<Config, 'bin' | 'gitChecks' | 'ignoreScripts' | 'pnpmHomeDir' | 'publishBranch' | 'embedReadme' | 'packGzipLevel'> & Pick<ConfigContext, 'allProjects'>, params: string[]): Promise<PublishResult>;
 export declare function runScriptsIfPresent(opts: RunLifecycleHookOptions, scriptNames: string[], manifest: ProjectManifest): Promise<void>;

package/lib/publish/publish.js

@@ -168,10 +168,10 @@ Do you want to continue?`,
         extraBinPaths: opts.extraBinPaths,
         extraEnv: opts.extraEnv,
         pkgRoot: dir,
-        rawConfig: opts.rawConfig,
         rootModulesDir: await realpathMissing(path.join(dir, 'node_modules')),
         stdio: 'inherit',
         unsafePerm: true, // when running scripts explicitly, assume that they're trusted.
+        userAgent: opts.userAgent,
     });
     const { manifest } = await readProjectManifest(dir, opts);
     // Unfortunately, we cannot support postpack at the moment

package/lib/publish/publishPackedPkg.d.ts

@@ -1,10 +1,7 @@
 import type { Config } from '@pnpm/config.reader';
 import { PnpmError } from '@pnpm/error';
 import type { PackResult } from './pack.js';
-type AuthConfigKey = 'authToken' | 'authUserPass' | 'tokenHelper';
-type SslConfigKey = 'ca' | 'cert' | 'key';
-type AuthSslConfigKey = AuthConfigKey | SslConfigKey | 'authInfos' | 'sslConfigs';
-export type PublishPackedPkgOptions = Pick<Config, AuthSslConfigKey | 'dryRun' | 'fetchRetries' | 'fetchRetryFactor' | 'fetchRetryMaxtimeout' | 'fetchRetryMintimeout' | 'fetchTimeout' | 'registries' | 'tag' | 'userAgent'> & {
+export type PublishPackedPkgOptions = Pick<Config, 'configByUri' | 'dryRun' | 'fetchRetries' | 'fetchRetryFactor' | 'fetchRetryMaxtimeout' | 'fetchRetryMintimeout' | 'fetchTimeout' | 'registries' | 'tag' | 'userAgent'> & {
     access?: 'public' | 'restricted';
     ci?: boolean;
     otp?: string;
@@ -16,4 +13,3 @@ export declare class PublishUnsupportedRegistryProtocolError extends PnpmError {
     readonly registryUrl: string;
     constructor(registryUrl: string);
 }
-export {};

package/lib/publish/publishPackedPkg.js

@@ -28,7 +28,8 @@ export async function publishPackedPkg(packResult, opts) {
     throw await createFailedToPublishError(packResult, response);
 }
 async function createPublishOptions(manifest, options) {
-    const { registry, auth, ssl } = findAuthSslInfo(manifest, options);
+    const { registry, config } = findRegistryInfo(manifest, options);
+    const { creds, tls } = config ?? {};
     const { access, ci: isFromCI, fetchRetries, fetchRetryFactor, fetchRetryMaxtimeout, fetchRetryMintimeout, fetchTimeout: timeout, otp, provenance, provenanceFile, tag: defaultTag, userAgent, } = options;
     const headers = {
         'npm-auth-type': 'web',
@@ -54,20 +55,14 @@ async function createPublishOptions(manifest, options) {
         // always fall back to prompting the user for an OTP code, even when the user
         // has no OTP set up.
         authType: 'web',
-        ca: ssl?.ca,
-        cert: Array.isArray(ssl?.cert) ? ssl.cert.join('\n') : ssl?.cert,
-        key: ssl?.key,
+        ca: tls?.ca,
+        cert: tls?.cert,
+        key: tls?.key,
         npmCommand: 'publish',
-        token: auth && extractToken(auth),
-        username: auth?.authUserPass?.username,
-        password: auth?.authUserPass?.password,
+        token: creds && extractToken(creds),
+        username: creds?.basicAuth?.username,
+        password: creds?.basicAuth?.password,
     };
-    // This is necessary because getNetworkConfigs initialized them as { cert: '', key: '' }
-    // which may be a problem.
-    // The real fix is to change the type `SslConfig` into that of partial properties, but that
-    // is out of scope for now.
-    removeEmptyStringProperty(publishOptions, 'cert');
-    removeEmptyStringProperty(publishOptions, 'key');
     if (registry) {
         const oidcTokenProvenance = await fetchTokenAndProvenanceByOidcIfApplicable(publishOptions, manifest.name, registry, options);
         publishOptions.token ??= oidcTokenProvenance?.authToken;
@@ -78,11 +73,10 @@ async function createPublishOptions(manifest, options) {
     return publishOptions;
 }
 /**
- * Find auth and ssl information according to {@link https://docs.npmjs.com/cli/v10/configuring-npm/npmrc#auth-related-configuration}.
- *
- * The example `.npmrc` demonstrated inheritance.
+ * Find credentials and SSL info for a package's registry.
+ * Follows {@link https://docs.npmjs.com/cli/v10/configuring-npm/npmrc#auth-related-configuration}.
  */
-function findAuthSslInfo({ name }, { authInfos, sslConfigs, registries, ...defaultInfos }) {
+function findRegistryInfo({ name }, { configByUri, registries }) {
     // eslint-disable-next-line regexp/no-unused-capturing-group
     const scopedMatches = /@(?<scope>[^/]+)\/(?<slug>[^/]+)/.exec(name);
     const registryName = scopedMatches?.groups ? `@${scopedMatches.groups.scope}` : 'default';
@@ -92,28 +86,26 @@ function findAuthSslInfo({ name }, { authInfos, sslConfigs, registries, ...defau
         throw new PublishUnsupportedRegistryProtocolError(nonNormalizedRegistry);
     }
     const { normalizedUrl: registry, longestConfigKey: initialRegistryConfigKey, } = supportedRegistryInfo;
-    const result = { registry };
+    let creds;
+    let tls = {};
     for (const registryConfigKey of allRegistryConfigKeys(initialRegistryConfigKey)) {
-        const auth = authInfos[registryConfigKey];
-        const ssl = sslConfigs[registryConfigKey];
-        result.auth ??= auth; // old auth from longer path collectively overrides new auth from shorter path
-        result.ssl = {
-            ...ssl,
-            ...result.ssl, // old ssl from longer path individually overrides new ssl from shorter path
-        };
-    }
-    if (nonNormalizedRegistry !== registries.default &&
-        registry !== registries.default &&
-        registry !== parseSupportedRegistryUrl(registries.default)?.normalizedUrl) {
-        return result;
+        const entry = configByUri[registryConfigKey];
+        if (!entry)
+            continue;
+        // Auth from longer path collectively overrides shorter path
+        creds ??= entry.creds;
+        // TLS from longer path individually overrides shorter path
+        tls = { ...entry.tls, ...tls };
+    }
+    const isDefaultRegistry = nonNormalizedRegistry === registries.default ||
+        registry === registries.default ||
+        registry === parseSupportedRegistryUrl(registries.default)?.normalizedUrl;
+    if (isDefaultRegistry) {
+        creds ??= configByUri['']?.creds;
     }
     return {
         registry,
-        auth: result.auth ?? defaultInfos, // old auth from longer path collectively overrides default auth
-        ssl: {
-            ...defaultInfos,
-            ...result.ssl, // old ssl from longer path individually overrides default ssl
-        },
+        config: { creds, tls },
     };
 }
 function extractToken({ authToken, tokenHelper, }) {
@@ -218,11 +210,6 @@ function appendAuthOptionsForRegistry(targetPublishOptions, registry) {
     targetPublishOptions[`${registryConfigKey}:username`] ??= targetPublishOptions.username;
     targetPublishOptions[`${registryConfigKey}:_password`] ??= targetPublishOptions.password && btoa(targetPublishOptions.password);
 }
-function removeEmptyStringProperty(object, key) {
-    if (!object[key]) {
-        delete object[key];
-    }
-}
 function pruneUndefined(object) {
     for (const key in object) {
         if (object[key] === undefined) {

package/lib/publish/recursivePublish.d.ts

@@ -1,12 +1,12 @@
-import type { Config } from '@pnpm/config.reader';
+import type { Config, ConfigContext } from '@pnpm/config.reader';
 import type { PublishPackedPkgOptions } from './publishPackedPkg.js';
-export type PublishRecursiveOpts = Required<Pick<Config, 'bin' | 'cacheDir' | 'cliOptions' | 'dir' | 'pnpmHomeDir' | 'rawConfig' | 'registries' | 'workspaceDir'>> & Partial<Pick<Config, 'tag' | 'ca' | 'catalogs' | 'cert' | 'fetchTimeout' | 'force' | 'dryRun' | 'extraBinPaths' | 'extraEnv' | 'fetchRetries' | 'fetchRetryFactor' | 'fetchRetryMaxtimeout' | 'fetchRetryMintimeout' | 'key' | 'httpProxy' | 'httpsProxy' | 'localAddress' | 'lockfileDir' | 'noProxy' | 'npmPath' | 'offline' | 'selectedProjectsGraph' | 'strictSsl' | 'unsafePerm' | 'userAgent' | 'userConfig' | 'verifyStoreIntegrity'>> & {
+export type PublishRecursiveOpts = Required<Pick<Config, 'bin' | 'cacheDir' | 'dir' | 'pnpmHomeDir' | 'configByUri' | 'registries' | 'workspaceDir'>> & Required<Pick<ConfigContext, 'cliOptions'>> & Partial<Pick<Config, 'tag' | 'ca' | 'catalogs' | 'cert' | 'fetchTimeout' | 'force' | 'dryRun' | 'extraBinPaths' | 'extraEnv' | 'fetchRetries' | 'fetchRetryFactor' | 'fetchRetryMaxtimeout' | 'fetchRetryMintimeout' | 'key' | 'httpProxy' | 'httpsProxy' | 'localAddress' | 'lockfileDir' | 'noProxy' | 'npmPath' | 'offline' | 'strictSsl' | 'unsafePerm' | 'userAgent' | 'verifyStoreIntegrity'>> & Partial<Pick<ConfigContext, 'selectedProjectsGraph'>> & {
     access?: 'public' | 'restricted';
     argv: {
         original: string[];
     };
     reportSummary?: boolean;
 } & PublishPackedPkgOptions;
-export declare function recursivePublish(opts: PublishRecursiveOpts & Required<Pick<Config, 'selectedProjectsGraph'>>): Promise<{
+export declare function recursivePublish(opts: PublishRecursiveOpts & Required<Pick<ConfigContext, 'selectedProjectsGraph'>>): Promise<{
     exitCode: number;
 }>;

package/lib/publish/recursivePublish.js

@@ -11,8 +11,7 @@ export async function recursivePublish(opts) {
     const pkgs = Object.values(opts.selectedProjectsGraph).map((wsPkg) => wsPkg.package);
     const { resolve } = createResolver({
         ...opts,
-        authConfig: opts.rawConfig,
-        userConfig: opts.userConfig,
+        configByUri: opts.configByUri,
         retry: {
             factor: opts.fetchRetryFactor,
             maxTimeout: opts.fetchRetryMaxtimeout,

package/lib/publish/utils/shared-context.js

@@ -1,4 +1,5 @@
-import { globalInfo } from '@pnpm/logger';
+import readline from 'node:readline';
+import { globalInfo, globalWarn } from '@pnpm/logger';
 import { fetch } from '@pnpm/network.fetch';
 import ciInfo from 'ci-info';
 import enquirer from 'enquirer';
@@ -6,10 +7,12 @@ import { publish as _publish } from 'libnpmpublish';
 const publish = _publish;
 export const SHARED_CONTEXT = {
     Date,
+    createReadlineInterface: readline.createInterface.bind(null, { input: process.stdin }),
     ciInfo,
     enquirer,
     fetch,
     globalInfo,
+    globalWarn,
     process,
     publish,
     setTimeout,

package/lib/version/index.d.ts

@@ -0,0 +1,28 @@
+import { type Config } from '@pnpm/config.reader';
+export declare function rcOptionsTypes(): Record<string, unknown>;
+export declare function cliOptionsTypes(): Record<string, unknown>;
+export declare const commandNames: string[];
+export declare function help(): string;
+interface VersionHandlerOptions extends Config {
+    allowSameVersion?: boolean;
+    noGitChecks?: boolean;
+    noCommitHooks?: boolean;
+    noStrict?: boolean;
+    preid?: string;
+    tagVersionPrefix?: string;
+    recursive?: boolean;
+    json?: boolean;
+    ignoredPackages?: string[];
+}
+export declare function handler(opts: VersionHandlerOptions, params: string[]): Promise<string | {
+    output?: string;
+    exitCode: number;
+}>;
+export declare const version: {
+    handler: typeof handler;
+    help: typeof help;
+    commandNames: string[];
+    cliOptionsTypes: typeof cliOptionsTypes;
+    rcOptionsTypes: typeof rcOptionsTypes;
+};
+export {};

package/lib/version/index.js

@@ -0,0 +1,163 @@
+import { readProjectManifest } from '@pnpm/cli.utils';
+import { types as allTypes } from '@pnpm/config.reader';
+import { PnpmError } from '@pnpm/error';
+import { isGitRepo, isWorkingTreeClean } from '@pnpm/network.git-utils';
+import { filterProjectsFromDir } from '@pnpm/workspace.projects-filter';
+import { pick } from 'ramda';
+import { renderHelp } from 'render-help';
+import { inc, valid } from 'semver';
+export function rcOptionsTypes() {
+    return pick([
+        'git-checks',
+    ], allTypes);
+}
+export function cliOptionsTypes() {
+    return {
+        ...rcOptionsTypes(),
+        'allow-same-version': Boolean,
+        'no-git-checks': Boolean,
+        'no-commit-hooks': Boolean,
+        'no-strict': Boolean,
+        'preid': String,
+        'tag-version-prefix': String,
+        recursive: Boolean,
+        json: Boolean,
+    };
+}
+export const commandNames = ['version'];
+export function help() {
+    return renderHelp({
+        description: 'Bumps the version of a package.',
+        usages: [
+            'pnpm version <major|minor|patch|premajor|preminor|prepatch|prerelease>',
+        ],
+        descriptionLists: [
+            {
+                title: 'Options',
+                list: [
+                    {
+                        description: "Don't check if working tree is clean",
+                        name: '--no-git-checks',
+                    },
+                    {
+                        description: 'Sets the prerelease identifier (e.g. alpha, beta, rc)',
+                        name: '--preid <preid>',
+                    },
+                    {
+                        description: 'Sets the tag prefix (default: v)',
+                        name: '--tag-version-prefix <prefix>',
+                    },
+                    {
+                        description: 'Allow bumping to the same version',
+                        name: '--allow-same-version',
+                    },
+                    {
+                        description: 'Skip running commit hooks',
+                        name: '--no-commit-hooks',
+                    },
+                    {
+                        description: 'Filter packages by name (glob pattern)',
+                        name: '--filter <pattern>',
+                    },
+                    {
+                        description: 'Show information in JSON format',
+                        name: '--json',
+                    },
+                    {
+                        description: 'Apply command to all packages in workspace',
+                        name: '--recursive',
+                    },
+                ],
+            },
+        ],
+    });
+}
+export async function handler(opts, params) {
+    const bumpType = params[0];
+    if (!bumpType || !['major', 'minor', 'patch', 'premajor', 'preminor', 'prepatch', 'prerelease'].includes(bumpType)) {
+        throw new PnpmError('INVALID_VERSION_BUMP', 'Invalid version bump type. Must be one of: major, minor, patch, premajor, preminor, prepatch, prerelease');
+    }
+    // Check git status if needed
+    if (!opts.noGitChecks && await isGitRepo()) {
+        if (!await isWorkingTreeClean()) {
+            throw new PnpmError('UNCLEAN_WORKING_TREE', 'Working tree is not clean. Commit or stash your changes.');
+        }
+    }
+    const changes = [];
+    if (opts.recursive) {
+        // Handle workspace versioning
+        const workspaceDir = opts.workspaceDir || opts.dir;
+        const filters = [];
+        if (opts.filter && opts.filter.length > 0) {
+            opts.filter.forEach(filterPattern => {
+                filters.push({
+                    filter: filterPattern,
+                    followProdDepsOnly: !!opts.filterProd && opts.filterProd.length > 0,
+                });
+            });
+        }
+        const result = await filterProjectsFromDir(workspaceDir, filters, {
+            workspaceDir,
+            prefix: opts.dir,
+        });
+        const pkgDirs = Object.keys(result.selectedProjectsGraph);
+        const bumpResults = await Promise.all(pkgDirs.map(pkgDir => bumpPackageVersion(pkgDir, bumpType, opts)));
+        for (const change of bumpResults) {
+            if (change) {
+                changes.push(change);
+            }
+        }
+    }
+    else {
+        // Handle single package versioning
+        const change = await bumpPackageVersion(opts.dir, bumpType, opts);
+        if (change) {
+            changes.push(change);
+        }
+    }
+    if (changes.length === 0) {
+        throw new PnpmError('NO_PACKAGES_TO_VERSION', 'No packages to version');
+    }
+    // Output results
+    if (opts.json) {
+        return JSON.stringify(changes, null, 2);
+    }
+    let output = 'Version bumped successfully:\n';
+    for (const change of changes) {
+        output += `${change.name}: ${change.currentVersion} → ${change.newVersion}\n`;
+    }
+    return output;
+}
+async function bumpPackageVersion(pkgDir, bumpType, opts) {
+    const { manifest, writeProjectManifest } = await readProjectManifest(pkgDir);
+    if (!manifest.name || !manifest.version) {
+        return null;
+    }
+    const currentVersion = manifest.version;
+    if (!valid(currentVersion)) {
+        throw new PnpmError('INVALID_VERSION', `Invalid version in ${pkgDir}: ${currentVersion}`);
+    }
+    const newVersion = inc(currentVersion, bumpType, false, opts.preid);
+    if (!newVersion) {
+        throw new PnpmError('VERSION_BUMP_FAILED', `Failed to bump version from ${currentVersion} using ${bumpType}`);
+    }
+    if (newVersion === currentVersion && !opts.allowSameVersion) {
+        throw new PnpmError('VERSION_NOT_CHANGED', `Version was not changed: ${currentVersion}`);
+    }
+    manifest.version = newVersion;
+    await writeProjectManifest(manifest);
+    return {
+        name: manifest.name,
+        currentVersion,
+        newVersion,
+        path: pkgDir,
+    };
+}
+export const version = {
+    handler,
+    help,
+    commandNames,
+    cliOptionsTypes,
+    rcOptionsTypes,
+};
+//# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/releasing.commands",
-  "version": "1000.0.0",
+  "version": "1100.0.1",
   "description": "Commands for deploy, pack, and publish",
   "keywords": [
     "pnpm",
@@ -24,6 +24,7 @@
     "!*.map"
   ],
   "dependencies": {
+    "@pnpm/npm-package-arg": "^2.0.0",
     "@types/normalize-path": "^3.0.2",
     "@zkochan/rimraf": "^4.0.0",
     "chalk": "^5.6.0",
@@ -35,56 +36,58 @@
     "normalize-registry-url": "2.0.1",
     "p-filter": "^4.1.0",
     "p-limit": "^7.1.0",
-    "qrcode-terminal": "^0.12.0",
     "ramda": "npm:@pnpm/ramda@0.28.1",
     "realpath-missing": "^2.0.0",
     "render-help": "^2.0.0",
+    "semver": "^7.7.2",
     "tar-stream": "^3.1.7",
     "tempy": "3.0.0",
     "tinyglobby": "^0.2.14",
     "validate-npm-package-name": "7.0.2",
     "write-json-file": "^7.0.0",
     "write-yaml-file": "^6.0.0",
-    "@pnpm/bins.resolver": "1000.0.11",
-    "@pnpm/catalogs.types": "1000.0.0",
-    "@pnpm/cli.utils": "1001.2.8",
-    "@pnpm/cli.common-cli-options-help": "1000.0.1",
-    "@pnpm/config.pick-registry-for-package": "1000.0.11",
-    "@pnpm/config.reader": "1004.4.2",
-    "@pnpm/constants": "1001.3.1",
-    "@pnpm/error": "1000.0.5",
-    "@pnpm/deps.path": "1001.1.3",
-    "@pnpm/exec.lifecycle": "1001.0.25",
-    "@pnpm/fetching.directory-fetcher": "1000.1.14",
-    "@pnpm/fs.indexed-pkg-importer": "1000.1.14",
-    "@pnpm/engine.runtime.commands": "1000.0.0-0",
-    "@pnpm/fs.is-empty-dir-or-nothing": "1000.0.0",
-    "@pnpm/fs.packlist": "1000.0.0",
-    "@pnpm/installing.commands": "1004.6.10",
-    "@pnpm/lockfile.fs": "1001.1.21",
-    "@pnpm/lockfile.types": "1002.0.2",
-    "@pnpm/network.fetch": "1000.2.6",
-    "@pnpm/network.git-utils": "1000.0.0",
-    "@pnpm/releasing.exportable-manifest": "1000.1.7",
-    "@pnpm/types": "1000.9.0",
-    "@pnpm/workspace.projects-sorter": "1000.0.11",
-    "@pnpm/installing.client": "1001.1.4",
-    "@pnpm/resolving.resolver-base": "1005.1.0"
+    "@pnpm/bins.resolver": "1100.0.1",
+    "@pnpm/cli.common-cli-options-help": "1100.0.0",
+    "@pnpm/catalogs.types": "1100.0.0",
+    "@pnpm/cli.utils": "1100.0.1",
+    "@pnpm/config.reader": "1100.0.1",
+    "@pnpm/config.pick-registry-for-package": "1100.0.1",
+    "@pnpm/deps.path": "1100.0.1",
+    "@pnpm/constants": "1100.0.0",
+    "@pnpm/error": "1100.0.0",
+    "@pnpm/fetching.directory-fetcher": "1100.0.1",
+    "@pnpm/exec.lifecycle": "1100.0.1",
+    "@pnpm/fs.indexed-pkg-importer": "1100.0.1",
+    "@pnpm/engine.runtime.commands": "1100.0.1",
+    "@pnpm/fs.is-empty-dir-or-nothing": "1100.0.0",
+    "@pnpm/installing.client": "1100.0.1",
+    "@pnpm/fs.packlist": "1100.0.0",
+    "@pnpm/installing.commands": "1100.0.1",
+    "@pnpm/lockfile.types": "1100.0.1",
+    "@pnpm/network.fetch": "1100.0.1",
+    "@pnpm/lockfile.fs": "1100.0.1",
+    "@pnpm/network.git-utils": "1100.0.0",
+    "@pnpm/network.web-auth": "1101.0.0",
+    "@pnpm/releasing.exportable-manifest": "1100.0.1",
+    "@pnpm/types": "1101.0.0",
+    "@pnpm/resolving.resolver-base": "1100.0.1",
+    "@pnpm/workspace.projects-filter": "1100.0.1",
+    "@pnpm/workspace.projects-sorter": "1100.0.1"
   },
   "peerDependencies": {
     "@pnpm/logger": ">=1001.0.0 <1002.0.0"
   },
   "devDependencies": {
-    "@jest/globals": "30.0.5",
-    "@pnpm/registry-mock": "5.2.4",
+    "@jest/globals": "30.3.0",
+    "@pnpm/registry-mock": "6.0.0",
     "@types/cross-spawn": "^6.0.6",
     "@types/is-windows": "^1.0.2",
     "@types/libnpmpublish": "^9.0.1",
     "@types/proxyquire": "^1.3.31",
-    "@types/qrcode-terminal": "^0.12.2",
-    "@types/ramda": "0.29.12",
-    "@types/tar": "^6.1.13",
-    "@types/tar-stream": "^2.2.3",
+    "@types/ramda": "0.31.1",
+    "@types/semver": "7.7.1",
+    "@types/tar": "^7.0.87",
+    "@types/tar-stream": "^3.1.4",
     "@types/validate-npm-package-name": "^4.0.2",
     "ci-info": "^4.3.0",
     "cross-spawn": "^7.0.6",
@@ -92,15 +95,15 @@
     "load-json-file": "^7.0.1",
     "tar": "^7.5.10",
     "write-yaml-file": "^6.0.0",
-    "@pnpm/catalogs.config": "1000.0.5",
-    "@pnpm/hooks.pnpmfile": "1002.1.3",
-    "@pnpm/assert-project": "1000.0.4",
-    "@pnpm/logger": "1001.0.1",
-    "@pnpm/releasing.commands": "1000.0.0",
-    "@pnpm/test-fixtures": "1000.0.0",
-    "@pnpm/prepare": "1000.0.4",
-    "@pnpm/test-ipc-server": "1000.0.0",
-    "@pnpm/workspace.projects-filter": "1000.0.43"
+    "@pnpm/assert-project": "1100.0.1",
+    "@pnpm/catalogs.config": "1100.0.0",
+    "@pnpm/hooks.pnpmfile": "1100.0.1",
+    "@pnpm/logger": "1100.0.0",
+    "@pnpm/prepare": "1100.0.1",
+    "@pnpm/releasing.commands": "1100.0.1",
+    "@pnpm/test-fixtures": "1100.0.0",
+    "@pnpm/test-ipc-server": "1100.0.0",
+    "@pnpm/testing.command-defaults": "1100.0.0"
   },
   "engines": {
     "node": ">=22.13"
@@ -111,8 +114,8 @@
   "scripts": {
     "start": "tsgo --watch",
     "lint": "eslint \"src/**/*.ts\" \"test/**/*.ts\"",
-    "_test": "cross-env NODE_OPTIONS=\"$NODE_OPTIONS --experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169\" jest",
-    "test": "pnpm run compile && pnpm run _test",
-    "compile": "tsgo --build && pnpm run lint --fix"
+    "test": "pn compile && pn --filter=pnpm compile && pn .test",
+    "compile": "tsgo --build && pn lint --fix",
+    ".test": "cross-env NODE_OPTIONS=\"$NODE_OPTIONS --experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169\" jest"
   }
 }