@pnpm/releasing.commands 1100.2.17 → 1100.3.0

package/lib/deploy/deploy.js

@@ -240,6 +240,7 @@ async function deployFromSharedLockfile(opts, selectedProject, deployDir) {
             injectWorkspacePackages: undefined, // the effects of injecting workspace packages should already be part of the package snapshots
             overrides: undefined, // the effects of the overrides should already be part of the package snapshots
             packageExtensions: undefined, // the effects of the package extensions should already be part of the package snapshots
+            configDependencies: undefined, // configDependencies (e.g. pacquet) are not installed into the deploy dir, so the install engine they designate isn't on disk to invoke
             hooks: {
                 ...opts.hooks,
                 readPackage: [

package/lib/index.d.ts

@@ -1,4 +1,5 @@
 export { deploy } from './deploy/index.js';
 export { packApp } from './pack-app/index.js';
 export { pack, publish } from './publish/index.js';
+export * as stage from './stage/index.js';
 export { version } from './version/index.js';

package/lib/index.js

@@ -1,5 +1,6 @@
 export { deploy } from './deploy/index.js';
 export { packApp } from './pack-app/index.js';
 export { pack, publish } from './publish/index.js';
+export * as stage from './stage/index.js';
 export { version } from './version/index.js';
 //# sourceMappingURL=index.js.map

package/lib/publish/otp.d.ts

@@ -6,6 +6,8 @@ export interface OtpPublishResponse {
     readonly status: number;
     readonly statusText: string;
     readonly text: () => Promise<string>;
+    /** Set by the registry only when the publish was staged (i.e. `stage: true` was sent). */
+    readonly stageId?: string;
 }
 export type OtpPublishFn = (manifest: ExportedManifest, tarballData: Buffer, options: PublishOptions) => Promise<OtpPublishResponse>;
 export interface OtpContext extends BaseOtpContext {

package/lib/publish/pack.d.ts

@@ -4,7 +4,7 @@ export declare function rcOptionsTypes(): Record<string, unknown>;
 export declare function cliOptionsTypes(): Record<string, unknown>;
 export declare const commandNames: string[];
 export declare function help(): string;
-export type PackOptions = Pick<UniversalOptions, 'dir'> & Pick<Config, 'catalogs' | 'ignoreScripts' | 'embedReadme' | 'packGzipLevel' | 'nodeLinker' | 'userAgent'> & Partial<Pick<Config, 'extraBinPaths' | 'extraEnv' | 'recursive' | 'workspaceConcurrency' | 'workspaceDir'>> & Partial<Pick<ConfigContext, 'hooks' | 'selectedProjectsGraph'>> & {
+export type PackOptions = Pick<UniversalOptions, 'dir'> & Pick<Config, 'catalogs' | 'ignoreScripts' | 'embedReadme' | 'packGzipLevel' | 'nodeLinker' | 'skipManifestObfuscation' | 'userAgent'> & Partial<Pick<Config, 'extraBinPaths' | 'extraEnv' | 'recursive' | 'workspaceConcurrency' | 'workspaceDir'>> & Partial<Pick<ConfigContext, 'hooks' | 'selectedProjectsGraph'>> & {
     argv: {
         original: string[];
     };

package/lib/publish/pack.js

@@ -25,6 +25,7 @@ export function rcOptionsTypes() {
         ...cliOptionsTypes(),
         ...pick([
             'npm-path',
+            'skip-manifest-obfuscation',
         ], allTypes),
     };
 }
@@ -37,6 +38,7 @@ export function cliOptionsTypes() {
             'pack-destination',
             'pack-gzip-level',
             'json',
+            'skip-manifest-obfuscation',
             'workspace-concurrency',
         ], allTypes),
     };
@@ -71,6 +73,10 @@ export function help() {
                         name: '--recursive',
                         shortAlias: '-r',
                     },
+                    {
+                        description: 'Skip pnpm\'s manifest obfuscation: keep the original `packageManager` field and publish lifecycle scripts in the packed manifest instead of stripping them. The pnpm-specific `pnpm` field is still omitted.',
+                        name: '--skip-manifest-obfuscation',
+                    },
                     {
                         description: `Set the maximum number of concurrency. Default is ${getDefaultWorkspaceConcurrency()}. For unlimited concurrency use Infinity.`,
                         name: '--workspace-concurrency <number>',
@@ -178,6 +184,7 @@ export async function api(opts) {
         embedReadme: opts.embedReadme,
         catalogs: opts.catalogs ?? {},
         hooks: opts.hooks,
+        skipManifestObfuscation: opts.skipManifestObfuscation,
     });
     // Strip semver build metadata (the `+<build>` segment) from the published version so that
     // the tarball, the manifest packed inside it, and the metadata sent to the registry all agree.
@@ -309,13 +316,14 @@ async function packPkg(opts) {
     });
 }
 async function createPublishManifest(opts) {
-    const { projectDir, embedReadme, modulesDir, manifest, catalogs, hooks } = opts;
+    const { projectDir, embedReadme, modulesDir, manifest, catalogs, hooks, skipManifestObfuscation } = opts;
     const readmeFile = embedReadme ? await readReadmeFile(projectDir) : undefined;
     return createExportableManifest(projectDir, manifest, {
         catalogs,
         hooks,
         readmeFile,
         modulesDir,
+        skipManifestObfuscation,
     });
 }
 function toPackResultJson(packResult) {

package/lib/publish/publish.d.ts

@@ -16,7 +16,7 @@ export declare function handler(opts: Omit<PublishRecursiveOpts, 'workspaceDir'>
     json?: boolean;
     recursive?: boolean;
     workspaceDir?: string;
-} & Pick<Config, 'bin' | 'gitChecks' | 'ignoreScripts' | 'pnpmHomeDir' | 'publishBranch' | 'embedReadme'> & Pick<ConfigContext, 'allProjects'>, params: string[]): Promise<{
+} & Pick<Config, 'bin' | 'gitChecks' | 'ignoreScripts' | 'pnpmHomeDir' | 'publishBranch' | 'embedReadme' | 'skipManifestObfuscation'> & Pick<ConfigContext, 'allProjects'>, params: string[]): Promise<{
     exitCode?: number;
     output?: string;
 } | undefined>;
@@ -36,5 +36,5 @@ export declare function publish(opts: Omit<PublishRecursiveOpts, 'workspaceDir'>
     engineStrict?: boolean;
     recursive?: boolean;
     workspaceDir?: string;
-} & Pick<Config, 'bin' | 'gitChecks' | 'ignoreScripts' | 'pnpmHomeDir' | 'publishBranch' | 'embedReadme' | 'packGzipLevel'> & Pick<ConfigContext, 'allProjects'>, params: string[]): Promise<PublishResult>;
+} & Pick<Config, 'bin' | 'gitChecks' | 'ignoreScripts' | 'pnpmHomeDir' | 'publishBranch' | 'embedReadme' | 'packGzipLevel' | 'skipManifestObfuscation'> & Pick<ConfigContext, 'allProjects'>, params: string[]): Promise<PublishResult>;
 export declare function runScriptsIfPresent(opts: RunLifecycleHookOptions, scriptNames: string[], manifest: ProjectManifest): Promise<void>;

package/lib/publish/publish.js

@@ -21,6 +21,7 @@ export function rcOptionsTypes() {
         'access',
         'git-checks',
         'ignore-scripts',
+        'skip-manifest-obfuscation',
         'provenance',
         'npm-path',
         'otp',
@@ -78,6 +79,10 @@ export function help() {
                         description: 'Ignores any publish related lifecycle scripts (prepublishOnly, postpublish, and the like)',
                         name: '--ignore-scripts',
                     },
+                    {
+                        description: 'Skip pnpm\'s manifest obfuscation: keep the original `packageManager` field and publish lifecycle scripts in the published manifest instead of stripping them. The pnpm-specific `pnpm` field is still omitted.',
+                        name: '--skip-manifest-obfuscation',
+                    },
                     {
                         description: 'Packages are proceeded to be published even if their current version is already in the registry. This is useful when a "prepublishOnly" script bumps the version of the package before it is published',
                         name: '--force',

package/lib/publish/publishPackedPkg.d.ts

@@ -2,43 +2,18 @@ import type { Config } from '@pnpm/config.reader';
 import { PnpmError } from '@pnpm/error';
 import type { ExportedManifest } from '@pnpm/releasing.exportable-manifest';
 import type { PublishOptions } from 'libnpmpublish';
+import { type PublishSummary } from '../tarball/publishSummary.js';
 import { type OtpContext } from './otp.js';
 import type { PackResult } from './pack.js';
+export type { PublishSummary };
 export type PublishPackedPkgOptions = Pick<Config, 'configByUri' | 'dryRun' | 'fetchRetries' | 'fetchRetryFactor' | 'fetchRetryMaxtimeout' | 'fetchRetryMintimeout' | 'fetchTimeout' | 'registries' | 'tag' | 'userAgent'> & Partial<Pick<Config, 'ca' | 'cert' | 'httpProxy' | 'httpsProxy' | 'key' | 'localAddress' | 'noProxy' | 'strictSsl'>> & {
     access?: 'public' | 'restricted';
     ci?: boolean;
     otp?: string;
     provenance?: boolean;
     provenanceFile?: string;
+    stage?: boolean;
 };
-/**
- * Per-package summary describing a successful publish, modeled after `npm publish --json`.
- * Returned to callers and serialized to stdout when `pnpm publish --json` is used.
- */
-export interface PublishSummary {
-    /** Human-readable identifier `${name}@${version}`. */
-    id: string;
-    name: string;
-    version: string;
-    /** Compressed tarball size in bytes. */
-    size: number;
-    /** Total uncompressed size of all files in the tarball, in bytes. */
-    unpackedSize: number;
-    /** Lowercase hex SHA-1 digest of the tarball. */
-    shasum: string;
-    /** SRI-formatted SHA-512 digest of the tarball (e.g. `sha512-...`). */
-    integrity: string;
-    /** Tarball file basename (e.g. `pkg-1.0.0.tgz`). */
-    filename: string;
-    /** Files inside the tarball, in the same shape `pnpm pack --json` emits. */
-    files: Array<{
-        path: string;
-    }>;
-    /** Number of files inside the tarball. */
-    entryCount: number;
-    /** Names of bundled dependencies included in the tarball (typically empty). */
-    bundled: string[];
-}
 export declare function publishPackedPkg(packResult: Pick<PackResult, 'publishedManifest' | 'tarballPath' | 'contents' | 'unpackedSize'>, opts: PublishPackedPkgOptions): Promise<PublishSummary>;
 /**
  * Builds the {@link OtpContext} used to drive the publish. The default fetch
@@ -76,4 +51,3 @@ interface OidcTokenProvenanceResult {
  *   public API.
  */
 export declare function fetchTokenAndProvenanceByOidc(packageName: string, registry: string, options: PublishPackedPkgOptions): Promise<OidcTokenProvenanceResult | undefined>;
-export {};

package/lib/publish/publishPackedPkg.js

@@ -4,6 +4,7 @@ import path from 'node:path';
 import { PnpmError } from '@pnpm/error';
 import { globalInfo, globalWarn } from '@pnpm/logger';
 import { createDispatchedFetch } from '@pnpm/network.fetch';
+import { extractBundledDependencies } from '../tarball/publishSummary.js';
 import { displayError } from './displayError.js';
 import { executeTokenHelper } from './executeTokenHelper.js';
 import { createFailedToPublishError } from './FailedToPublishError.js';
@@ -19,6 +20,7 @@ export async function publishPackedPkg(packResult, opts) {
     const publishOptions = await createPublishOptions(publishedManifest, opts);
     const { name, version } = publishedManifest;
     const { registry } = publishOptions;
+    const isStage = opts.stage === true;
     globalInfo(`📦 ${name}@${version} → ${registry ?? 'the default registry'}`);
     const summary = {
         id: `${name}@${version}`,
@@ -36,17 +38,21 @@ export async function publishPackedPkg(packResult, opts) {
         bundled: extractBundledDependencies(publishedManifest),
     };
     if (opts.dryRun) {
-        globalWarn(`Skip publishing ${name}@${version} (dry run)`);
+        globalWarn(`Skip ${isStage ? 'staging' : 'publishing'} ${name}@${version} (dry run)`);
         return summary;
     }
+    const context = createPublishContext(opts);
     const response = await publishWithOtpHandling({
-        context: createPublishContext(opts),
+        context,
         manifest: publishedManifest,
         publishOptions,
         tarballData,
     });
     if (response.ok) {
-        globalInfo(`✅ Published package ${name}@${version}`);
+        if (isStage && response.stageId) {
+            summary.stageId = response.stageId;
+        }
+        globalInfo(`✅ ${isStage ? 'Staged' : 'Published'} package ${name}@${version}`);
         return summary;
     }
     throw await createFailedToPublishError(packResult, response);
@@ -64,21 +70,6 @@ export function createPublishContext(opts) {
         fetch: createDispatchedFetch({ ...opts, timeout: opts.fetchTimeout }),
     };
 }
-/**
- * npm accepts both `bundledDependencies` and `bundleDependencies` in package.json and normalizes
- * to a list of dependency names. We mirror that normalization so consumers see a consistent array.
- */
-function extractBundledDependencies(manifest) {
-    const raw = manifest.bundledDependencies ?? manifest.bundleDependencies;
-    if (!raw)
-        return [];
-    if (Array.isArray(raw))
-        return raw;
-    // `true` means "bundle every dependency" per npm's semantics; expand it to the dependency names.
-    if (raw === true)
-        return Object.keys(manifest.dependencies ?? {});
-    return [];
-}
 /**
  * @internal Exported for unit testing of the access / registry / auth fallback rules. Not part of the package's
  *   public API.
@@ -92,9 +83,10 @@ export async function createPublishOptions(manifest, options) {
     const publishConfigAccess = manifest.publishConfig?.access;
     const access = options.access ?? (isPublishAccess(publishConfigAccess) ? publishConfigAccess : undefined);
     const { ci: isFromCI, fetchRetries, fetchRetryFactor, fetchRetryMaxtimeout, fetchRetryMintimeout, fetchTimeout: timeout, otp, provenance, provenanceFile, tag: defaultTag, userAgent, } = options;
+    const npmCommand = options.stage === true ? 'stage' : 'publish';
     const headers = {
         'npm-auth-type': 'web',
-        'npm-command': 'publish',
+        'npm-command': npmCommand,
     };
     const publishOptions = {
         access,
@@ -119,11 +111,15 @@ export async function createPublishOptions(manifest, options) {
         ca: tls?.ca,
         cert: tls?.cert,
         key: tls?.key,
-        npmCommand: 'publish',
+        npmCommand,
         token: creds && extractToken(creds),
         username: creds?.basicAuth?.username,
         password: creds?.basicAuth?.password,
     };
+    if (options.stage === true) {
+        publishOptions.command = 'stage';
+        publishOptions.stage = true;
+    }
     if (registry) {
         // OIDC takes precedence over a configured static `_authToken`, mirroring the npm CLI's
         // behavior (see https://github.com/npm/cli/blob/7d900c46/lib/utils/oidc.js). Trusted

package/lib/publish/recursivePublish.js

@@ -56,6 +56,7 @@ export async function recursivePublish(opts) {
         }
         const chunks = sortProjects(opts.selectedProjectsGraph);
         const tag = opts.tag ?? 'latest';
+        const commandArgs = opts.stage ? ['stage', 'publish'] : ['publish'];
         for (const chunk of chunks) {
             // We can't run publish concurrently due to the npm CLI asking for OTP.
             // NOTE: If we solve the OTP issue, we still need to limit packages concurrency.
@@ -72,7 +73,7 @@ export async function recursivePublish(opts) {
                     dir: pkg.rootDir,
                     argv: {
                         original: [
-                            'publish',
+                            ...commandArgs,
                             '--tag',
                             tag,
                             '--registry',

package/lib/stage/approve.d.ts

@@ -0,0 +1,2 @@
+import type { StageOptions } from './types.js';
+export declare function stageApprove(opts: StageOptions, params: string[]): Promise<string>;

package/lib/stage/approve.js

@@ -0,0 +1,14 @@
+import { createStageContext } from './context.js';
+import { requireStageId } from './parsing.js';
+import { stageRequestWithOtp } from './request.js';
+export async function stageApprove(opts, params) {
+    const stageId = requireStageId(params, 'approve');
+    const context = createStageContext(opts);
+    await stageRequestWithOtp(context, {
+        url: new URL(`-/stage/${stageId}/approve`, context.registry).href,
+        init: { method: 'POST' },
+        action: `approve staged package ${stageId}`,
+    });
+    return `Staged package ${stageId} approved and published successfully.`;
+}
+//# sourceMappingURL=approve.js.map

package/lib/stage/context.d.ts

@@ -0,0 +1,14 @@
+import { createFetchFromRegistry } from '@pnpm/network.fetch';
+import type { StageOptions } from './types.js';
+/**
+ * Shared per-subcommand request context. Created once at the entry of each stage
+ * subcommand so that paginated calls (e.g. `stageList`) reuse a single
+ * `fetchFromRegistry` instance and a precomputed auth header.
+ */
+export interface StageContext {
+    opts: StageOptions;
+    registry: string;
+    authHeaderValue: string | undefined;
+    fetchFromRegistry: ReturnType<typeof createFetchFromRegistry>;
+}
+export declare function createStageContext(opts: StageOptions, packageName?: string): StageContext;

package/lib/stage/context.js

@@ -0,0 +1,25 @@
+import { pickRegistryForPackage } from '@pnpm/config.pick-registry-for-package';
+import { createGetAuthHeaderByURI } from '@pnpm/network.auth-header';
+import { createFetchFromRegistry } from '@pnpm/network.fetch';
+const DEFAULT_REGISTRY = 'https://registry.npmjs.org/';
+export function createStageContext(opts, packageName) {
+    const registry = getStageRegistry(opts, packageName);
+    const getAuthHeaderByUri = createGetAuthHeaderByURI(opts.configByUri ?? {}, registry);
+    return {
+        opts,
+        registry,
+        authHeaderValue: getAuthHeaderByUri(registry),
+        fetchFromRegistry: createFetchFromRegistry(opts),
+    };
+}
+function getStageRegistry(opts, packageName) {
+    const registries = getRegistries(opts);
+    const registry = packageName
+        ? pickRegistryForPackage(registries, packageName)
+        : registries.default;
+    return registry.endsWith('/') ? registry : `${registry}/`;
+}
+function getRegistries(opts) {
+    return opts.registries ?? { default: opts.registry ?? DEFAULT_REGISTRY };
+}
+//# sourceMappingURL=context.js.map

package/lib/stage/download.d.ts

@@ -0,0 +1,2 @@
+import type { StageOptions } from './types.js';
+export declare function stageDownload(opts: StageOptions, params: string[]): Promise<string>;

package/lib/stage/download.js

@@ -0,0 +1,25 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { summarizeTarball } from '../tarball/summarizeTarball.js';
+import { createStageContext } from './context.js';
+import { requireStageId } from './parsing.js';
+import { normalizePackageName, renderTarballSummary } from './rendering.js';
+import { stageRequest } from './request.js';
+export async function stageDownload(opts, params) {
+    const stageId = requireStageId(params, 'download');
+    const context = createStageContext(opts);
+    const response = await stageRequest(context, {
+        url: new URL(`-/stage/${stageId}/tarball`, context.registry).href,
+        init: { method: 'GET' },
+        action: `download staged package ${stageId}`,
+    });
+    const tarballData = Buffer.from(await response.arrayBuffer());
+    const summary = await summarizeTarball(tarballData);
+    const filename = `${normalizePackageName(summary.name)}-${summary.version}-${stageId}.tgz`;
+    const downloadedSummary = { ...summary, filename };
+    await fs.writeFile(path.resolve(opts.dir ?? process.cwd(), filename), tarballData);
+    if (opts.json)
+        return JSON.stringify({ [summary.name]: downloadedSummary }, null, 2);
+    return `${renderTarballSummary(downloadedSummary)}\n${filename}`;
+}
+//# sourceMappingURL=download.js.map

package/lib/stage/errors.d.ts

@@ -0,0 +1,15 @@
+import { PnpmError } from '@pnpm/error';
+interface StageRegistryErrorProperties {
+    readonly action: string;
+    readonly status: number;
+    readonly statusText: string;
+    readonly text: string;
+}
+export declare class StageRegistryError extends PnpmError implements StageRegistryErrorProperties {
+    readonly action: string;
+    readonly status: number;
+    readonly statusText: string;
+    readonly text: string;
+    constructor(opts: StageRegistryErrorProperties);
+}
+export {};

package/lib/stage/errors.js

@@ -0,0 +1,17 @@
+import { PnpmError } from '@pnpm/error';
+export class StageRegistryError extends PnpmError {
+    action;
+    status;
+    statusText;
+    text;
+    constructor(opts) {
+        const statusDisplay = opts.statusText ? `${opts.status} ${opts.statusText}` : opts.status.toString();
+        const trimmedText = opts.text.trim();
+        super('STAGE_REGISTRY_ERROR', `Failed to ${opts.action} (status ${statusDisplay})${trimmedText ? `: ${trimmedText}` : ''}`);
+        this.action = opts.action;
+        this.status = opts.status;
+        this.statusText = opts.statusText;
+        this.text = opts.text;
+    }
+}
+//# sourceMappingURL=errors.js.map

package/lib/stage/help.d.ts

@@ -0,0 +1 @@
+export declare function help(): string;

package/lib/stage/help.js

@@ -0,0 +1,84 @@
+import { FILTERING } from '@pnpm/cli.common-cli-options-help';
+import { docsUrl } from '@pnpm/cli.utils';
+import { renderHelp } from 'render-help';
+export function help() {
+    return renderHelp({
+        description: 'Stage packages for publishing, deferring proof-of-presence (2FA) to a later point in time.',
+        descriptionLists: [
+            {
+                title: 'Subcommands',
+                list: [
+                    {
+                        description: 'Stage a package for publishing.',
+                        name: 'publish',
+                    },
+                    {
+                        description: 'List all staged package versions.',
+                        name: 'list',
+                    },
+                    {
+                        description: 'View details of a specific staged package.',
+                        name: 'view',
+                    },
+                    {
+                        description: 'Approve a staged package, publishing it to the npm registry.',
+                        name: 'approve',
+                    },
+                    {
+                        description: 'Reject a staged package, removing it from the registry.',
+                        name: 'reject',
+                    },
+                    {
+                        description: 'Download the tarball of a staged package for inspection.',
+                        name: 'download',
+                    },
+                ],
+            },
+            {
+                title: 'Options',
+                list: [
+                    {
+                        description: 'The base URL of the npm registry.',
+                        name: '--registry <url>',
+                    },
+                    {
+                        description: 'Show information in JSON format for list, view, publish, and download.',
+                        name: '--json',
+                    },
+                    {
+                        description: 'Registers the staged package with the given tag. By default, the "latest" tag is used.',
+                        name: '--tag <tag>',
+                    },
+                    {
+                        description: 'Tells the registry whether the staged package should be public or restricted.',
+                        name: '--access <public|restricted>',
+                    },
+                    {
+                        description: 'Does everything stage publish would do except uploading to the registry.',
+                        name: '--dry-run',
+                    },
+                    {
+                        description: 'One-time password for approve and reject.',
+                        name: '--otp',
+                    },
+                    {
+                        description: 'Stage all publishable packages from the workspace.',
+                        name: '--recursive',
+                        shortAlias: '-r',
+                    },
+                ],
+            },
+            FILTERING,
+        ],
+        url: docsUrl('stage'),
+        usages: [
+            'pnpm stage publish [<tarball>|<dir>] [--tag <tag>] [--access <public|restricted>] [options]',
+            'pnpm stage list [<package-spec>]',
+            'pnpm stage view <stage-id>',
+            'pnpm stage approve <stage-id>',
+            'pnpm stage reject <stage-id>',
+            'pnpm stage download <stage-id>',
+        ],
+    });
+}
+//# sourceMappingURL=help.js.map

package/lib/stage/index.d.ts

@@ -0,0 +1,13 @@
+import { help } from './help.js';
+import { type StageOptions } from './types.js';
+export { help };
+export declare function rcOptionsTypes(): Record<string, unknown>;
+export declare function cliOptionsTypes(): Record<string, unknown>;
+export declare const commandNames: string[];
+export declare const completion: (_cliOpts: Record<string, unknown>, params: string[]) => Promise<Array<{
+    name: string;
+}>>;
+export declare function handler(opts: StageOptions, params: string[]): Promise<{
+    exitCode?: number;
+    output?: string;
+} | string | undefined>;

package/lib/stage/index.js

@@ -0,0 +1,57 @@
+import { types as allTypes } from '@pnpm/config.reader';
+import { PnpmError } from '@pnpm/error';
+import { pick } from 'ramda';
+import * as publishCommand from '../publish/publish.js';
+import { stageApprove } from './approve.js';
+import { stageDownload } from './download.js';
+import { help } from './help.js';
+import { stageList } from './list.js';
+import { stagePublish } from './publish.js';
+import { stageReject } from './reject.js';
+import { STAGE_SUBCOMMANDS } from './types.js';
+import { stageView } from './view.js';
+export { help };
+export function rcOptionsTypes() {
+    return {
+        ...publishCommand.rcOptionsTypes(),
+        ...pick([
+            'registry',
+        ], allTypes),
+    };
+}
+export function cliOptionsTypes() {
+    return publishCommand.cliOptionsTypes();
+}
+export const commandNames = ['stage'];
+export const completion = async (_cliOpts, params) => {
+    if (params.length > 0)
+        return [];
+    return STAGE_SUBCOMMANDS.map((name) => ({ name }));
+};
+export async function handler(opts, params) {
+    const subcommand = params[0];
+    const subcommandParams = params.slice(1);
+    switch (subcommand) {
+        case 'publish':
+            return stagePublish(opts, subcommandParams);
+        case 'list':
+            return stageList(opts, subcommandParams);
+        case 'view':
+            return stageView(opts, subcommandParams);
+        case 'approve':
+            return stageApprove(opts, subcommandParams);
+        case 'reject':
+            return stageReject(opts, subcommandParams);
+        case 'download':
+            return stageDownload(opts, subcommandParams);
+        case undefined:
+            throw new PnpmError('STAGE_SUBCOMMAND_REQUIRED', 'Stage subcommand is required', {
+                hint: `Use one of: ${STAGE_SUBCOMMANDS.join(', ')}`,
+            });
+        default:
+            throw new PnpmError('STAGE_UNKNOWN_SUBCOMMAND', `Unknown stage subcommand "${subcommand}"`, {
+                hint: `Use one of: ${STAGE_SUBCOMMANDS.join(', ')}`,
+            });
+    }
+}
+//# sourceMappingURL=index.js.map

package/lib/stage/list.d.ts

@@ -0,0 +1,2 @@
+import type { StageOptions } from './types.js';
+export declare function stageList(opts: StageOptions, params: string[]): Promise<string>;

package/lib/stage/list.js

@@ -0,0 +1,44 @@
+import { PnpmError } from '@pnpm/error';
+import { createStageContext } from './context.js';
+import { parseStagePackageSpec } from './parsing.js';
+import { renderStageItem } from './rendering.js';
+import { stageJsonRequest } from './request.js';
+const PER_PAGE = 100;
+export async function stageList(opts, params) {
+    const packageFilter = parsePackageFilter(params[0]);
+    const context = createStageContext(opts, packageFilter);
+    const items = [];
+    let page = 0;
+    while (true) {
+        const url = new URL('-/stage', context.registry);
+        url.searchParams.set('page', page.toString());
+        url.searchParams.set('perPage', PER_PAGE.toString());
+        if (packageFilter) {
+            url.searchParams.set('package', packageFilter);
+        }
+        // eslint-disable-next-line no-await-in-loop
+        const res = await stageJsonRequest(context, { url: url.href, action: 'list staged packages' });
+        items.push(...res.items);
+        if (items.length >= res.total || res.items.length < PER_PAGE)
+            break;
+        page++;
+    }
+    if (opts.json)
+        return JSON.stringify(items, null, 2);
+    if (items.length === 0) {
+        return packageFilter
+            ? `No staged versions of package name "${packageFilter}".`
+            : 'No staged packages found.';
+    }
+    return items.map(renderStageItem).join('\n\n');
+}
+function parsePackageFilter(rawSpec) {
+    if (!rawSpec)
+        return undefined;
+    const spec = parseStagePackageSpec(rawSpec);
+    if (spec.rawSpec !== '' && spec.rawSpec !== '*') {
+        throw new PnpmError('STAGE_VERSION_SPECIFIER_UNSUPPORTED', 'Version specifiers are not supported for listing staged packages');
+    }
+    return spec.name;
+}
+//# sourceMappingURL=list.js.map

package/lib/stage/parsing.d.ts

@@ -0,0 +1,6 @@
+import type { StageSubcommand } from './types.js';
+export declare function parseStagePackageSpec(rawSpec: string): {
+    name: string;
+    rawSpec: string;
+};
+export declare function requireStageId(params: string[], subcommand: StageSubcommand): string;