Update pacote, @npmcli/package-json, @npmcli/installed-package-contents

DEPENDENCIES.md

@@ -242,18 +242,14 @@ graph LR;
   pacote-->npm-registry-fetch;
   pacote-->npmcli-git["@npmcli/git"];
   pacote-->npmcli-installed-package-contents["@npmcli/installed-package-contents"];
+  pacote-->npmcli-package-json["@npmcli/package-json"];
   pacote-->npmcli-promise-spawn["@npmcli/promise-spawn"];
   pacote-->npmcli-run-script["@npmcli/run-script"];
   pacote-->proc-log;
-  pacote-->read-package-json-fast;
-  pacote-->read-package-json;
   pacote-->ssri;
   parse-conflict-json-->json-parse-even-better-errors;
   promzard-->read;
   read-->mute-stream;
-  read-package-json-->json-parse-even-better-errors;
-  read-package-json-->normalize-package-data;
-  read-package-json-->npm-normalize-package-bin;
   read-package-json-fast-->json-parse-even-better-errors;
   read-package-json-fast-->npm-normalize-package-bin;
   unique-filename-->unique-slug;
@@ -713,12 +709,11 @@ graph LR;
   pacote-->npm-registry-fetch;
   pacote-->npmcli-git["@npmcli/git"];
   pacote-->npmcli-installed-package-contents["@npmcli/installed-package-contents"];
+  pacote-->npmcli-package-json["@npmcli/package-json"];
   pacote-->npmcli-promise-spawn["@npmcli/promise-spawn"];
   pacote-->npmcli-run-script["@npmcli/run-script"];
   pacote-->proc-log;
   pacote-->promise-retry;
-  pacote-->read-package-json-fast;
-  pacote-->read-package-json;
   pacote-->sigstore;
   pacote-->ssri;
   pacote-->tar;
@@ -733,10 +728,6 @@ graph LR;
   promise-retry-->retry;
   promzard-->read;
   read-->mute-stream;
-  read-package-json-->glob;
-  read-package-json-->json-parse-even-better-errors;
-  read-package-json-->normalize-package-data;
-  read-package-json-->npm-normalize-package-bin;
   read-package-json-fast-->json-parse-even-better-errors;
   read-package-json-fast-->npm-normalize-package-bin;
   semver-->lru-cache;
@@ -811,6 +802,6 @@ packages higher up the chain.
  - @npmcli/run-script, libnpmhook, libnpmorg, libnpmsearch, libnpmteam, init-package-json, npm-profile
  - @npmcli/package-json, npm-registry-fetch
  - @npmcli/git, make-fetch-happen, @npmcli/config
- - @npmcli/installed-package-contents, @npmcli/map-workspaces, cacache, npm-pick-manifest, read-package-json, promzard
+ - @npmcli/installed-package-contents, @npmcli/map-workspaces, cacache, npm-pick-manifest, promzard
  - @npmcli/docs, @npmcli/fs, npm-bundled, read-package-json-fast, unique-filename, npm-install-checks, npm-package-arg, normalize-package-data, npm-packlist, bin-links, nopt, parse-conflict-json, @npmcli/mock-globals, read
  - @npmcli/eslint-config, @npmcli/template-oss, ignore-walk, semver, npm-normalize-package-bin, @npmcli/name-from-folder, json-parse-even-better-errors, fs-minipass, ssri, unique-slug, @npmcli/promise-spawn, hosted-git-info, proc-log, validate-npm-package-name, @npmcli/node-gyp, @npmcli/redact, @npmcli/agent, minipass-fetch, @npmcli/query, cmd-shim, read-cmd-shim, write-file-atomic, abbrev, proggy, minify-registry-metadata, ini, mute-stream, npm-audit-report, npm-user-validate

mock-registry/package.json

@@ -51,7 +51,7 @@
     "json-stringify-safe": "^5.0.1",
     "nock": "^13.3.3",
     "npm-package-arg": "^11.0.2",
-    "pacote": "^18.0.0",
+    "pacote": "^18.0.1",
     "tap": "^16.3.8"
   }
 }

node_modules/.gitignore

@@ -178,7 +178,6 @@
 !/qrcode-terminal
 !/read-cmd-shim
 !/read-package-json-fast
-!/read-package-json
 !/read
 !/retry
 !/safer-buffer

node_modules/@npmcli/installed-package-contents/bin/index.js

@@ -0,0 +1,44 @@
+#! /usr/bin/env node
+
+const { relative } = require('path')
+const pkgContents = require('../')
+
+const usage = `Usage:
+  installed-package-contents <path> [-d<n> --depth=<n>]
+
+Lists the files installed for a package specified by <path>.
+
+Options:
+  -d<n> --depth=<n>   Provide a numeric value ("Infinity" is allowed)
+                      to specify how deep in the file tree to traverse.
+                      Default=1
+  -h --help           Show this usage information`
+
+const options = {}
+
+process.argv.slice(2).forEach(arg => {
+  let match
+  if ((match = arg.match(/^(?:--depth=|-d)([0-9]+|Infinity)/))) {
+    options.depth = +match[1]
+  } else if (arg === '-h' || arg === '--help') {
+    console.log(usage)
+    process.exit(0)
+  } else {
+    options.path = arg
+  }
+})
+
+if (!options.path) {
+  console.error('ERROR: no path provided')
+  console.error(usage)
+  process.exit(1)
+}
+
+const cwd = process.cwd()
+
+pkgContents(options)
+  .then(list => list.sort().forEach(p => console.log(relative(cwd, p))))
+  .catch(/* istanbul ignore next - pretty unusual */ er => {
+    console.error(er)
+    process.exit(1)
+  })

node_modules/@npmcli/installed-package-contents/lib/index.js

@@ -1,5 +1,3 @@
-#! /usr/bin/env node
-
 // to GET CONTENTS for folder at PATH (which may be a PACKAGE):
 // - if PACKAGE, read path/package.json
 //   - if bins in ../node_modules/.bin, add those to result
@@ -19,53 +17,46 @@
 //     - add GET CONTENTS of bundled deps, PACKAGE=true, depth + 1
 
 const bundled = require('npm-bundled')
-const { promisify } = require('util')
-const fs = require('fs')
-const readFile = promisify(fs.readFile)
-const readdir = promisify(fs.readdir)
-const stat = promisify(fs.stat)
-const lstat = promisify(fs.lstat)
-const { relative, resolve, basename, dirname } = require('path')
+const { readFile, readdir, stat } = require('fs/promises')
+const { resolve, basename, dirname } = require('path')
 const normalizePackageBin = require('npm-normalize-package-bin')
 
-const readPackage = ({ path, packageJsonCache }) =>
-  packageJsonCache.has(path) ? Promise.resolve(packageJsonCache.get(path))
+const readPackage = ({ path, packageJsonCache }) => packageJsonCache.has(path)
+  ? Promise.resolve(packageJsonCache.get(path))
   : readFile(path).then(json => {
     const pkg = normalizePackageBin(JSON.parse(json))
     packageJsonCache.set(path, pkg)
     return pkg
-  })
-    .catch(er => null)
+  }).catch(() => null)
 
 // just normalize bundle deps and bin, that's all we care about here.
 const normalized = Symbol('package data has been normalized')
-const rpj = ({ path, packageJsonCache }) =>
-  readPackage({ path, packageJsonCache })
-    .then(pkg => {
-      if (!pkg || pkg[normalized]) {
-        return pkg
-      }
-      if (pkg.bundledDependencies && !pkg.bundleDependencies) {
-        pkg.bundleDependencies = pkg.bundledDependencies
-        delete pkg.bundledDependencies
-      }
-      const bd = pkg.bundleDependencies
-      if (bd === true) {
-        pkg.bundleDependencies = [
-          ...Object.keys(pkg.dependencies || {}),
-          ...Object.keys(pkg.optionalDependencies || {}),
-        ]
-      }
-      if (typeof bd === 'object' && !Array.isArray(bd)) {
-        pkg.bundleDependencies = Object.keys(bd)
-      }
-      pkg[normalized] = true
+const rpj = ({ path, packageJsonCache }) => readPackage({ path, packageJsonCache })
+  .then(pkg => {
+    if (!pkg || pkg[normalized]) {
       return pkg
-    })
+    }
+    if (pkg.bundledDependencies && !pkg.bundleDependencies) {
+      pkg.bundleDependencies = pkg.bundledDependencies
+      delete pkg.bundledDependencies
+    }
+    const bd = pkg.bundleDependencies
+    if (bd === true) {
+      pkg.bundleDependencies = [
+        ...Object.keys(pkg.dependencies || {}),
+        ...Object.keys(pkg.optionalDependencies || {}),
+      ]
+    }
+    if (typeof bd === 'object' && !Array.isArray(bd)) {
+      pkg.bundleDependencies = Object.keys(bd)
+    }
+    pkg[normalized] = true
+    return pkg
+  })
 
 const pkgContents = async ({
   path,
-  depth,
+  depth = 1,
   currentDepth = 0,
   pkg = null,
   result = null,
@@ -105,7 +96,7 @@ const pkgContents = async ({
       })
 
       const bins = await Promise.all(
-        binFiles.map(b => stat(b).then(() => b).catch((er) => null))
+        binFiles.map(b => stat(b).then(() => b).catch(() => null))
       )
       bins.filter(b => b).forEach(b => result.add(b))
     }
@@ -136,18 +127,6 @@ const pkgContents = async ({
 
   const recursePromises = []
 
-  // if we didn't get withFileTypes support, tack that on
-  if (typeof dirEntries[0] === 'string') {
-    // use a map so we can return a promise, but we mutate dirEntries in place
-    // this is much slower than getting the entries from the readdir call,
-    // but polyfills support for node versions before 10.10
-    await Promise.all(dirEntries.map(async (name, index) => {
-      const p = resolve(path, name)
-      const st = await lstat(p)
-      dirEntries[index] = Object.assign(st, { name })
-    }))
-  }
-
   for (const entry of dirEntries) {
     const p = resolve(path, entry.name)
     if (entry.isDirectory() === false) {
@@ -195,48 +174,8 @@ const pkgContents = async ({
   return result
 }
 
-module.exports = ({ path, depth = 1, packageJsonCache }) => pkgContents({
+module.exports = ({ path, ...opts }) => pkgContents({
   path: resolve(path),
-  depth,
+  ...opts,
   pkg: true,
-  packageJsonCache,
 }).then(results => [...results])
-
-if (require.main === module) {
-  const options = { path: null, depth: 1 }
-  const usage = `Usage:
-  installed-package-contents <path> [-d<n> --depth=<n>]
-
-Lists the files installed for a package specified by <path>.
-
-Options:
-  -d<n> --depth=<n>   Provide a numeric value ("Infinity" is allowed)
-                      to specify how deep in the file tree to traverse.
-                      Default=1
-  -h --help           Show this usage information`
-
-  process.argv.slice(2).forEach(arg => {
-    let match
-    if ((match = arg.match(/^--depth=([0-9]+|Infinity)/)) ||
-        (match = arg.match(/^-d([0-9]+|Infinity)/))) {
-      options.depth = +match[1]
-    } else if (arg === '-h' || arg === '--help') {
-      console.log(usage)
-      process.exit(0)
-    } else {
-      options.path = arg
-    }
-  })
-  if (!options.path) {
-    console.error('ERROR: no path provided')
-    console.error(usage)
-    process.exit(1)
-  }
-  const cwd = process.cwd()
-  module.exports(options)
-    .then(list => list.sort().forEach(p => console.log(relative(cwd, p))))
-    .catch(/* istanbul ignore next - pretty unusual */ er => {
-      console.error(er)
-      process.exit(1)
-    })
-}

node_modules/@npmcli/installed-package-contents/package.json

@@ -1,26 +1,25 @@
 {
   "name": "@npmcli/installed-package-contents",
-  "version": "2.0.2",
+  "version": "2.1.0",
   "description": "Get the list of files installed in a package in node_modules, including bundled dependencies",
   "author": "GitHub Inc.",
   "main": "lib/index.js",
   "bin": {
-    "installed-package-contents": "lib/index.js"
+    "installed-package-contents": "bin/index.js"
   },
   "license": "ISC",
   "scripts": {
     "test": "tap",
     "snap": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "postlint": "template-oss-check",
     "template-oss-apply": "template-oss-apply --force",
     "lintfix": "npm run lint -- --fix",
     "posttest": "npm run lint"
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.11.4",
-    "require-inject": "^1.4.4",
+    "@npmcli/template-oss": "4.21.4",
     "tap": "^16.3.0"
   },
   "dependencies": {
@@ -40,7 +39,8 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.11.4"
+    "version": "4.21.4",
+    "publish": true
   },
   "tap": {
     "nyc-arg": [

node_modules/@npmcli/package-json/lib/index.js

@@ -167,6 +167,12 @@ class PackageJson {
     return this
   }
 
+  fromContent (data) {
+    this.#manifest = data
+    this.#canSave = false
+    return this
+  }
+
   // Load data from a comment
   // /**package { "name": "foo", "version": "1.2.3", ... } **/
   fromComment (data) {

node_modules/@npmcli/package-json/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/package-json",
-  "version": "5.0.3",
+  "version": "5.1.0",
   "description": "Programmatic API to update package.json",
   "main": "lib/index.js",
   "files": [
@@ -25,7 +25,7 @@
   "license": "ISC",
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.21.3",
+    "@npmcli/template-oss": "4.21.4",
     "read-package-json": "^7.0.0",
     "read-package-json-fast": "^3.0.2",
     "tap": "^16.0.1"
@@ -48,7 +48,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.21.3",
+    "version": "4.21.4",
     "publish": "true"
   },
   "tap": {

node_modules/pacote/lib/dir.js

@@ -87,7 +87,7 @@ class DirFetcher extends Fetcher {
       return Promise.resolve(this.package)
     }
 
-    return this[_readPackageJson](this.resolved + '/package.json')
+    return this[_readPackageJson](this.resolved)
       .then(mani => this.package = {
         ...mani,
         _integrity: this.integrity && String(this.integrity),

package.json

@@ -56,7 +56,7 @@
     "@npmcli/config": "^8.0.2",
     "@npmcli/fs": "^3.1.0",
     "@npmcli/map-workspaces": "^3.0.6",
-    "@npmcli/package-json": "^5.0.3",
+    "@npmcli/package-json": "^5.1.0",
     "@npmcli/promise-spawn": "^7.0.1",
     "@npmcli/redact": "^1.1.0",
     "@npmcli/run-script": "^8.0.0",
@@ -103,7 +103,7 @@
     "npm-registry-fetch": "^16.2.1",
     "npm-user-validate": "^2.0.0",
     "p-map": "^4.0.0",
-    "pacote": "^18.0.0",
+    "pacote": "^18.0.2",
     "parse-conflict-json": "^3.0.1",
     "proc-log": "^4.2.0",
     "proggy": "^2.0.0",

workspaces/arborist/package.json

@@ -5,12 +5,12 @@
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
     "@npmcli/fs": "^3.1.0",
-    "@npmcli/installed-package-contents": "^2.0.2",
+    "@npmcli/installed-package-contents": "^2.1.0",
     "@npmcli/map-workspaces": "^3.0.2",
     "@npmcli/metavuln-calculator": "^7.1.0",
     "@npmcli/name-from-folder": "^2.0.0",
     "@npmcli/node-gyp": "^3.0.0",
-    "@npmcli/package-json": "^5.0.3",
+    "@npmcli/package-json": "^5.1.0",
     "@npmcli/query": "^3.1.0",
     "@npmcli/redact": "^1.1.0",
     "@npmcli/run-script": "^8.0.0",
@@ -26,7 +26,7 @@
     "npm-package-arg": "^11.0.2",
     "npm-pick-manifest": "^9.0.0",
     "npm-registry-fetch": "^16.2.1",
-    "pacote": "^18.0.0",
+    "pacote": "^18.0.1",
     "parse-conflict-json": "^3.0.0",
     "proc-log": "^4.2.0",
     "proggy": "^2.0.0",

workspaces/libnpmdiff/package.json

@@ -47,12 +47,12 @@
   },
   "dependencies": {
     "@npmcli/arborist": "^7.2.1",
-    "@npmcli/installed-package-contents": "^2.0.2",
+    "@npmcli/installed-package-contents": "^2.1.0",
     "binary-extensions": "^2.3.0",
     "diff": "^5.1.0",
     "minimatch": "^9.0.4",
     "npm-package-arg": "^11.0.2",
-    "pacote": "^18.0.0",
+    "pacote": "^18.0.1",
     "tar": "^6.2.1"
   },
   "templateOSS": {

workspaces/libnpmexec/package.json

@@ -63,7 +63,7 @@
     "@npmcli/run-script": "^8.0.0",
     "ci-info": "^4.0.0",
     "npm-package-arg": "^11.0.2",
-    "pacote": "^18.0.0",
+    "pacote": "^18.0.1",
     "proc-log": "^4.2.0",
     "read": "^3.0.1",
     "read-package-json-fast": "^3.0.2",

workspaces/libnpmpack/package.json

@@ -39,7 +39,7 @@
     "@npmcli/arborist": "^7.2.1",
     "@npmcli/run-script": "^8.0.0",
     "npm-package-arg": "^11.0.2",
-    "pacote": "^18.0.0"
+    "pacote": "^18.0.1"
   },
   "engines": {
     "node": "^16.14.0 || >=18.0.0"