Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: npm/cli
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v11.0.0
Choose a base ref
...
head repository: npm/cli
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v11.1.0
Choose a head ref

Commits on Dec 16, 2024

  1. fix(search): properly display multiple search terms (#7980)

    When searching for multiple terms in npm, the highlighting code has a
    bug where it duplicates the output any time there are matching terms.
    This fixes the highlighting code.
    
    
    Before:
    ![output of "npm search gar promisify" showing the name being
    duplicated](https://github.com/user-attachments/assets/2f34ece7-7563-4db1-a540-3bb661a4c3e0)
    
    
    
    After:
    ![output of "node . search gar promisify" showing the name being
    displayed
    correctly](https://github.com/user-attachments/assets/ba31fcd9-caf3-4a08-8bbb-7f5242f0098b)
    wraithgar authored Dec 16, 2024
    Copy the full SHA
    f7da341 View commit details

Commits on Dec 20, 2024

  1. fix(sbom): deduplicate sbom dependencies (#7992)

    Certain project dependency trees may result in an SBOM with duplicate
    entries. This fix ensures that each unique dependency (identified by the
    combination of package name and version) only appears in the SBOM once.
    Applies to both SPDX and CycloneDX SBOM formats.
    
    Specific to the CycloneDX format, this change also removes the
    `cdx:npm:package:path` property from the `component` entries in the
    generated SBOM. Since the same package may be present at multiple paths
    within the project and we're now de-duplicating those packages, it no
    longer makes sense to include this in the SBOM. This does not impact the
    SPDX format as there is no equivalent property.
    
    Fixes: #6967
    
    Signed-off-by: Brian DeHamer <bdehamer@github.com>
    bdehamer authored Dec 20, 2024
    Copy the full SHA
    ab9ddc0 View commit details

Commits on Jan 6, 2025

  1. Copy the full SHA
    1764a37 View commit details
  2. Copy the full SHA
    7f6c997 View commit details

Commits on Jan 14, 2025

  1. docs: safer documentation urls, repos, packages (#8030)

    Noticed some of the resources pointed to external sites not controlled
    by npm or github and wanted to clean them up so they can't be squatted
    on.
    reggi authored Jan 14, 2025
    Copy the full SHA
    866b5ee View commit details

Commits on Jan 17, 2025

  1. Copy the full SHA
    7e7961d View commit details
  2. fix(publish): accept publishConfig.tag to override highes semver check

    Setting `tag` in `publishConfig` constitutes a "non default" scenario.
    wraithgar committed Jan 17, 2025
    Copy the full SHA
    7f72944 View commit details
  3. Copy the full SHA
    8a911ff View commit details
  4. Copy the full SHA
    dc31c1b View commit details

Commits on Jan 21, 2025

  1. docs: depth flag default value (#8051)

    documentation of `ls` command specifies that `depth` flag if not set
    defaults to `1` but as per code it uses 0 as default value.
    https://github.com/npm/cli/blob/dc31c1bdc6658ab69554adcf2988ee99a615c409/lib/commands/ls.js#L113-L116
    
    fixes: #7979
    milaninfy authored Jan 21, 2025
    Copy the full SHA
    e90c6fe View commit details
  2. Copy the full SHA
    859a71c View commit details
  3. docs: fix typos in "package-json" (#8041)

    This PR fixes small typos in the documentation for "configuring
    npm/package-json"
    maxkoryukov authored Jan 21, 2025
    Copy the full SHA
    f1af61f View commit details
  4. deps: chalk@5.4.1

    wraithgar committed Jan 21, 2025
    Copy the full SHA
    215ebe4 View commit details
  5. Copy the full SHA
    a65e5ce View commit details
  6. Copy the full SHA
    9473a86 View commit details
  7. Copy the full SHA
    18e0449 View commit details
  8. Copy the full SHA
    7ddfbad View commit details

Commits on Jan 22, 2025

  1. fix(publish): honor force for no dist tag and registry version check (#…

    …8054)
    
    Merges #7993 /
    #7994 /
    #7995
    
    - [x] adds ability to --force publish without latest check
    - [x] adds ability to --force publish of prerelease without tag
    - [x] consider equality in publish dist tag check error message
    reggi authored Jan 22, 2025
    Copy the full SHA
    31455b2 View commit details
  2. docs: update readme for Node.js versions, remove badges (#8055)

    Update the copy for "requirements" to specify that it is the Node.js
    support lifecycle that is key, not a specific version.
    
    Also removed the badges from the readme. Most of that info is already on
    the page as parsed by GitHub.
    wraithgar authored Jan 22, 2025
    Copy the full SHA
    3644e79 View commit details
  3. chore: smoke tests using a preid (#8056)

    #8054 broke the smoke test because were
    publishing the current version in a test
    reggi authored Jan 22, 2025
    Copy the full SHA
    aa202e9 View commit details
  4. Copy the full SHA
    9281ebf View commit details

Commits on Jan 27, 2025

  1. chore: stop publish smoke from check git clean (#8058)

    Im a big proponent of scripts working the same way in ci as they would
    locally. and that we should be able to run anything the ci does locally.
    The publish script is used to publish npm and ws packages, but also
    within a series of smoke tests. Making the flags clear it's either one
    of the two paths was my goal.
    reggi authored Jan 27, 2025
    Copy the full SHA
    6d0f46e View commit details

Commits on Jan 29, 2025

  1. chore: splits out smoke-tests from publish-dryrun tests (#8069)

    This removes the `publish.sh --smoke-publish` like from the current
    `smoke-publish-test.sh` (renaming it to `smoke-test.sh`) and runs both
    operations as seperete jobs within the `ci.yml` (on pr) and
    `ci-release.yml` (on merge) workflow.
    
    Why? To avoid changed files / git dirty issues from one operation to the
    next.
    
    With this PR we should have the same checks that merge has, on pr as
    well, preventing scenarios where a PR breaks a `smoke test` or `publish
    --smoke-publish` test. The only difference between merge / pr is that
    merge has more tested node versions, if PRs start to pass but fail in
    these version lets add the full matrix.
    
    ```sh
    npm i npm@latest -g && node scripts/git-dirty.js && node scripts/resetdeps.js && ./scripts/smoke-tests.sh
    ```
    
    ```sh
    npm i npm@latest -g && node scripts/git-dirty.js && node scripts/resetdeps.js && node ./scripts/publish.js --pack-destination=${pwd} --smoke-publish=true
    ```
    reggi authored Jan 29, 2025
    1
    Copy the full SHA
    61f00e3 View commit details
  2. chore: release 11.1.0

    github-actions[bot] authored and wraithgar committed Jan 29, 2025
    Copy the full SHA
    cab74ff View commit details
Loading