feat: Use npm v7 #304

Merged: gr2m merged 1 commit into semantic-release:master from danez:npm7 on Mar 30, 2021

@danez (Contributor) commented Dec 8, 2020

I updated npm from v6 to v7. Reading the blogposts there shouldn't be any breaking changes, at least not in the functionality that semantic-release uses.

One test failed, but it was testing npm internal stuff about formatting of package.json, so I removed it. (npm v7 does seem to preserve whatever formatting is in the file and just replace the version.) Hope that is okay?

@danez (Contributor, Author) commented Dec 8, 2020

Not sure why the integration tests fail with 403 errors.

@gr2m (Member) commented Dec 8, 2020

Thanks a lot Daniel, I really want us to upgrade to npm 7, it hopefully gets rid of several outdated packages that we are stuck with because of npm 6. I'll try to have a look at the failed CI. This week is busy for me because of GitHub Universe, but I'll do my best. I definitely have it on my list and won't forget.

gr2m mentioned this pull request Jan 25, 2021

@ext commented Feb 13, 2021

Possibly a bit off-topic, but I am a bit curious as to why it has to be a dependency at all, is it not possible to use system npm?

@gr2m (Member) commented Feb 17, 2021

> not possible to use system npm?

The problem is compatibility. We don't know what system npm version you have, and making sure that the code is compatible with all current and future versions is a maintenance nightmare.

@ext commented Feb 17, 2021

> > not possible to use system npm?
>
> The problem is compatibility. We don't know what system npm version you have, and making sure that the code is compatible with all current and future versions is a maintenance nightmare.

But it is also a bit nightmare-ish for users? It pulls many extra dependencies (some with security vulnerabilities) and it also causes incompatibilities in run scripts, e.g. a system with npm 7 uses npm 6 (or vice versa after this PR) when using `npm` in a run script because `node_modules/.bin/npm` is now in `$PATH`. (Bonus points when `node_modules/.bin/npm` says there is an update to NPM despite the system already running the latest.)

But I get your point, I was mostly curious about the reasoning.
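The run-script shadowing described in the comment above can be checked mechanically. The following is an added example, not code from this PR or from npm: it approximates how a run script's `PATH` is assembled and reports when a command resolves differently inside a run script than in a terminal. The function names, directory layout and the injected `exists` check are assumptions.

```javascript
// Added illustration. All paths below are constructed sample data.

// Approximates the PATH an npm run-script sees: node_modules/.bin of the
// project and of each ancestor directory, then the PATH npm was started with.
function runScriptPath(projectDir, systemPath) {
  const parts = projectDir.split('/').filter(Boolean);
  const dirs = [];
  for (let i = parts.length; i >= 0; i--) {
    const base = parts.slice(0, i).join('/');
    dirs.push((base ? '/' + base : '') + '/node_modules/.bin');
  }
  return dirs.concat(systemPath.split(':').filter(Boolean));
}

// First match on a PATH-style directory list, like a shell lookup.
// `exists` is injected; pass require('fs').existsSync to inspect a real machine.
function resolveCommand(cmd, dirs, exists) {
  for (const dir of dirs) {
    const candidate = `${dir}/${cmd}`;
    if (exists(candidate)) return candidate;
  }
  return null;
}

// Compare what `cmd` resolves to in a terminal and inside a run script.
function checkShadowing(cmd, projectDir, systemPath, exists) {
  const systemDirs = systemPath.split(':').filter(Boolean);
  const inShell = resolveCommand(cmd, systemDirs, exists);
  const inRunScript = resolveCommand(cmd, runScriptPath(projectDir, systemPath), exists);
  return { cmd, inShell, inRunScript, shadowed: inShell !== inRunScript };
}

// Constructed file layout: a system npm plus the npm copy that a dependency
// on the `npm` package links into node_modules/.bin.
const SAMPLE_FILES = new Set([
  '/usr/local/bin/node',
  '/usr/local/bin/npm',
  '/home/ci/app/node_modules/.bin/npm',
  '/home/ci/app/node_modules/.bin/semantic-release',
]);
const sampleExists = (file) => SAMPLE_FILES.has(file);
const SAMPLE_PATH = '/usr/local/bin:/usr/bin:/bin';

for (const cmd of ['npm', 'node']) {
  console.log(checkShadowing(cmd, '/home/ci/app', SAMPLE_PATH, sampleExists));
}
```

A `shadowed: true` result for `npm` means scripts in `package.json` run the bundled copy, so audit findings and behaviour follow that copy's version rather than the system one.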

@lattwood commented Mar 29, 2021

Expect this issue to have more activity in the coming days, we received this notification two hours ago from dependabot.

edit: Link to GHSA: GHSA-vx3p-948g-6vhq / CVE-2021-27290

@danez (Contributor, Author)

@gr2m I figured out why the integration tests fail. It is only because npm v7 does not set the `maintainers` field anymore on publish, but `npm-registry-couchapp` requires it to be set.

To fix this I switched to the proper npm registry verdaccio instead of the docker image from here.

Now all the tests seem to work :)

@gr2m (Member) left a comment

great work! Thank you so much! Just one question


// Verify the logger has been called with the version updated
t.deepEqual(t.context.log.args[0],['Write version %s to package.json in %s','1.0.0',cwd]);
});
Member

Why did you remove this test?

@danez (Contributor, Author) commented Mar 30, 2021

Because it was testing npm internal stuff. Npm v7 does not format `package.json` files anymore, so this test failed because no newlines were present in the expected `package.json`.
I could have "fixed" the test and adjusted the expected output, but the test before this one (Preserve indentation and newline) does exactly the same thing then, and the test name would not really have described anymore what it is testing. So I decided to remove it.

Member

got it, thanks 👍🏼

gr2m merged commit a15c017 into semantic-release:master Mar 30, 2021
danez deleted the npm7 branch March 30, 2021 12:40

@github-actions

🎉 This PR is included in version 7.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@wyardley

This won't result in projects still using the old format publishing with the new `package-lock.json` format, right?

This may not technically be breaking, but it is causing issues for some of our tooling that was calling npm and expecting the v6 output.

@danez (Contributor, Author)

Is the `package-lock.json` now released with v7? I thought it is always excluded.

@weaintplastic commented Apr 1, 2021

Hey @danez. 👋 Hope you are doing well.

We've updated semantic-release/npm from 7.0.10 to 7.1.0 and since then our release flow isn't able to publish packages anymore to our private repository due to an authentication error. The release is performed inside a Github action providing an `NPM_TOKEN`:

```yaml
- name: Release
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  run: npm run release -- --debug
```

The error we're receiving is

```
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
```

Reverting the dependency update made our releases finish successfully again. Do you have any advice where to look for a fix?

@danez (Contributor, Author)

hey @weaintplastic,

That is odd as this error only appears if no credentials are found for the registry. https://github.com/npm/cli/blob/latest/lib/publish.js#L99-L109
And semantic release should provide valid credentials for the command.

what is the npm version that is now installed in your project?
What was the complete output of semantic release?
I guess you specify the private registry in `package.json` -> `publishConfig` -> `registry`?

@weaintplastic

@danez we are using node 15 and npm 7.

we have a `.npmrc` file in our root that includes the read-only `NPM-TOKEN`.
The token with publishing rights is provided through a Github secret as posted above.
The registry is defined as you said in `package.json`/`publishConfig`/`registry`.
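The exchange above turns on whether npm finds credentials for the publish registry. The following is an added example, not code from npm or semantic-release: it reports which `_authToken` entry in a `.npmrc` would match a given registry URL and whether an environment reference such as `${NPM_TOKEN}` is set, without printing any token. The registry URL, file contents, function names and the walk up the URL path segments are assumptions of this sketch.

```javascript
// Added illustration. Registry URLs, token values and .npmrc text are constructed.

// Candidate "//host/path/" keys for a registry URL, most specific first.
// Walking up the path segments is an assumption of this sketch.
function registryKeys(registryUrl) {
  const u = new URL(registryUrl);
  let key = `//${u.host}${u.pathname}`;
  if (!key.endsWith('/')) key += '/';
  const keys = [];
  while (key.length > 2) {
    keys.push(key);
    key = key.replace(/[^/]+\/+$/, ''); // drop the last segment
  }
  return keys;
}

// Minimal .npmrc reader: key=value lines, '#' and ';' start comments.
function parseNpmrc(text) {
  const entries = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    entries.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  return entries;
}

// Report which _authToken entry applies to the registry and where its value
// comes from. The token itself is never returned, so the result is safe to log.
function findAuthToken(npmrcText, registryUrl, env) {
  const entries = parseNpmrc(npmrcText);
  for (const key of registryKeys(registryUrl)) {
    const value = entries.get(`${key}:_authToken`);
    if (value === undefined) continue;
    const ref = /^\$\{([^}]+)\}$/.exec(value);
    if (!ref) return { key, source: 'literal', usable: value.length > 0 };
    return { key, source: `env:${ref[1]}`, usable: Boolean(env[ref[1]]) };
  }
  return null; // no credentials configured for this registry
}

const REGISTRY = 'https://npm.example.test/private/';
// Token taken from the environment, as a CI secret would provide it.
const NPMRC_ENV_REF = '//npm.example.test/private/:_authToken=${NPM_TOKEN}';
// Token present, but keyed to a different registry than the publish target.
const NPMRC_OTHER_REGISTRY = [
  '; constructed sample',
  'registry=https://npm.example.test/private/',
  '//registry.npmjs.org/:_authToken=constructed-read-only-token',
].join('\n');

console.log(findAuthToken(NPMRC_ENV_REF, REGISTRY, { NPM_TOKEN: 'constructed-publish-token' }));
console.log(findAuthToken(NPMRC_ENV_REF, REGISTRY, {}));
console.log(findAuthToken(NPMRC_OTHER_REGISTRY, REGISTRY, {}));
```

A `null` result or `usable: false` corresponds to the "no credentials are found for the registry" condition mentioned in the reply; the exact matching rules differ between npm versions, so confirm against the version in use.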

travi added a commit to semantic-release/semantic-release that referenced this pull request Sep 3, 2021
which required swapping the registry from the integration tests to verdaccio, similar to the change in semantic-release/npm#304 for #2055
electroluxcode pushed a commit to electroluxcode/npm that referenced this pull request Jun 15, 2025

Reviewers: gr2m left review comments; ext approved these changes


6 participants: @danez, @gr2m, @ext, @lattwood, @wyardley, @weaintplastic
