deps: @npmcli/[email protected], @npmcli/[email protected]

These dependency updates fix the issue found in `9.7.0` that was the
reason for its deprecation. Specifically `npm` will now use `bin` before
`directories.bin` when looking for bin scripts. This matches the
behavior of `[email protected]`.

DEPENDENCIES.md

@@ -218,6 +218,8 @@ graph LR;
   npmcli-package-json-->json-parse-even-better-errors;
   npmcli-package-json-->normalize-package-data;
   npmcli-package-json-->npm-normalize-package-bin;
+  npmcli-package-json-->npmcli-git["@npmcli/git"];
+  npmcli-package-json-->proc-log;
   npmcli-run-script-->npmcli-node-gyp["@npmcli/node-gyp"];
   npmcli-run-script-->npmcli-promise-spawn["@npmcli/promise-spawn"];
   npmcli-run-script-->read-package-json-fast;
@@ -704,6 +706,8 @@ graph LR;
   npmcli-package-json-->json-parse-even-better-errors;
   npmcli-package-json-->normalize-package-data;
   npmcli-package-json-->npm-normalize-package-bin;
+  npmcli-package-json-->npmcli-git["@npmcli/git"];
+  npmcli-package-json-->proc-log;
   npmcli-promise-spawn-->which;
   npmcli-query-->postcss-selector-parser;
   npmcli-run-script-->node-gyp;
@@ -822,8 +826,8 @@ packages higher up the chain.
  - @npmcli/arborist
  - @npmcli/metavuln-calculator
  - pacote, libnpmhook, libnpmorg, libnpmsearch, libnpmteam, npm-profile
- - npm-registry-fetch, libnpmversion
+ - npm-registry-fetch, @npmcli/package-json, libnpmversion
  - @npmcli/git, make-fetch-happen, @npmcli/config, init-package-json
- - @npmcli/installed-package-contents, @npmcli/map-workspaces, cacache, npm-pick-manifest, @npmcli/run-script, read-package-json, @npmcli/package-json, promzard
+ - @npmcli/installed-package-contents, @npmcli/map-workspaces, cacache, npm-pick-manifest, @npmcli/run-script, read-package-json, promzard
  - @npmcli/docs, @npmcli/fs, npm-bundled, read-package-json-fast, unique-filename, npm-install-checks, npm-package-arg, npm-packlist, normalize-package-data, bin-links, nopt, npmlog, parse-conflict-json, @npmcli/mock-globals, read
  - @npmcli/eslint-config, @npmcli/template-oss, ignore-walk, semver, npm-normalize-package-bin, @npmcli/name-from-folder, json-parse-even-better-errors, fs-minipass, ssri, unique-slug, @npmcli/promise-spawn, hosted-git-info, proc-log, validate-npm-package-name, @npmcli/node-gyp, minipass-fetch, @npmcli/query, cmd-shim, read-cmd-shim, write-file-atomic, abbrev, are-we-there-yet, gauge, minify-registry-metadata, ini, @npmcli/disparity-colors, mute-stream, npm-audit-report, npm-user-validate

node_modules/@npmcli/git/lib/find.js

@@ -1,15 +1,15 @@
 const is = require('./is.js')
 const { dirname } = require('path')
 
-module.exports = async ({ cwd = process.cwd() } = {}) => {
-  if (await is({ cwd })) {
-    return cwd
-  }
-  while (cwd !== dirname(cwd)) {
-    cwd = dirname(cwd)
+module.exports = async ({ cwd = process.cwd(), root } = {}) => {
+  while (true) {
     if (await is({ cwd })) {
       return cwd
     }
+    const next = dirname(cwd)
+    if (cwd === root || cwd === next) {
+      return null
+    }
+    cwd = next
   }
-  return null
 }

node_modules/@npmcli/git/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/git",
-  "version": "4.0.4",
+  "version": "4.1.0",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -23,16 +23,15 @@
     "template-oss-apply": "template-oss-apply --force"
   },
   "tap": {
-    "check-coverage": true,
-    "coverage-map": "map.js",
+    "timeout": 600,
     "nyc-arg": [
       "--exclude",
       "tap-snapshots/**"
     ]
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.12.0",
+    "@npmcli/template-oss": "4.15.1",
     "npm-package-arg": "^10.0.0",
     "slash": "^3.0.0",
     "tap": "^16.0.1"
@@ -52,7 +51,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "windowsCI": false,
-    "version": "4.12.0"
+    "version": "4.15.1",
+    "publish": true
   }
 }

node_modules/@npmcli/package-json/lib/index.js

@@ -38,6 +38,7 @@ class PackageJson {
     '_attributes',
     'bundledDependencies',
     'bundleDependencies',
+    'bundleDependenciesDeleteFalse',
     'gypfile',
     'serverjs',
     'scriptpath',

node_modules/@npmcli/package-json/lib/normalize.js

@@ -3,10 +3,13 @@ const { glob } = require('glob')
 const normalizePackageBin = require('npm-normalize-package-bin')
 const normalizePackageData = require('normalize-package-data')
 const path = require('path')
+const log = require('proc-log')
+const git = require('@npmcli/git')
 
-const normalize = async (pkg, { strict, steps }) => {
+const normalize = async (pkg, { strict, steps, root }) => {
   const data = pkg.content
   const scripts = data.scripts || {}
+  const pkgId = `${data.name ?? ''}@${data.version ?? ''}`
 
   // remove attributes that start with "_"
   if (steps.includes('_attributes')) {
@@ -20,7 +23,7 @@ const normalize = async (pkg, { strict, steps }) => {
   // build the "_id" attribute
   if (steps.includes('_id')) {
     if (data.name && data.version) {
-      data._id = `${data.name}@${data.version}`
+      data._id = pkgId
     }
   }
 
@@ -34,7 +37,9 @@ const normalize = async (pkg, { strict, steps }) => {
   // expand "bundleDependencies: true or translate from object"
   if (steps.includes('bundleDependencies')) {
     const bd = data.bundleDependencies
-    if (bd === true) {
+    if (bd === false && !steps.includes('bundleDependenciesDeleteFalse')) {
+      data.bundleDependencies = []
+    } else if (bd === true) {
       data.bundleDependencies = Object.keys(data.dependencies || {})
     } else if (bd && typeof bd === 'object') {
       if (!Array.isArray(bd)) {
@@ -158,7 +163,7 @@ const normalize = async (pkg, { strict, steps }) => {
   }
 
   // expand "directories.bin"
-  if (steps.includes('binDir') && data.directories?.bin) {
+  if (steps.includes('binDir') && data.directories?.bin && !data.bin) {
     const binsDir = path.resolve(pkg.path, path.join('.', path.join('/', data.directories.bin)))
     const bins = await glob('**', { cwd: binsDir })
     data.bin = bins.reduce((acc, binFile) => {
@@ -174,25 +179,28 @@ const normalize = async (pkg, { strict, steps }) => {
 
   // populate "gitHead" attribute
   if (steps.includes('gitHead') && !data.gitHead) {
+    const gitRoot = await git.find({ cwd: pkg.path, root })
     let head
-    try {
-      head = await fs.readFile(path.resolve(pkg.path, '.git/HEAD'), 'utf8')
-    } catch (err) {
+    if (gitRoot) {
+      try {
+        head = await fs.readFile(path.resolve(gitRoot, '.git/HEAD'), 'utf8')
+      } catch (err) {
       // do nothing
+      }
     }
     let headData
     if (head) {
       if (head.startsWith('ref: ')) {
         const headRef = head.replace(/^ref: /, '').trim()
-        const headFile = path.resolve(pkg.path, '.git', headRef)
+        const headFile = path.resolve(gitRoot, '.git', headRef)
         try {
           headData = await fs.readFile(headFile, 'utf8')
           headData = headData.replace(/^ref: /, '').trim()
         } catch (err) {
           // do nothing
         }
         if (!headData) {
-          const packFile = path.resolve(pkg.path, '.git/packed-refs')
+          const packFile = path.resolve(gitRoot, '.git/packed-refs')
           try {
             let refs = await fs.readFile(packFile, 'utf8')
             if (refs) {
@@ -271,11 +279,11 @@ const normalize = async (pkg, { strict, steps }) => {
   // in normalize-package-data if it had access to the file path.
   if (steps.includes('binRefs') && data.bin instanceof Object) {
     for (const key in data.bin) {
-      const binPath = path.resolve(pkg.path, data.bin[key])
       try {
-        await fs.access(binPath)
+        await fs.access(path.resolve(pkg.path, data.bin[key]))
       } catch {
-        delete data.bin[key]
+        log.warn('package-json', pkgId, `No bin file found at ${data.bin[key]}`)
+        // XXX: should a future breaking change delete bin entries that cannot be accessed?
       }
     }
   }

node_modules/@npmcli/package-json/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/package-json",
-  "version": "3.1.0",
+  "version": "3.1.1",
   "description": "Programmatic API to update package.json",
   "main": "lib/index.js",
   "files": [
@@ -26,13 +26,17 @@
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
     "@npmcli/template-oss": "4.15.1",
+    "read-package-json": "^6.0.4",
+    "read-package-json-fast": "^3.0.2",
     "tap": "^16.0.1"
   },
   "dependencies": {
+    "@npmcli/git": "^4.1.0",
     "glob": "^10.2.2",
     "json-parse-even-better-errors": "^3.0.0",
     "normalize-package-data": "^5.0.0",
-    "npm-normalize-package-bin": "^3.0.1"
+    "npm-normalize-package-bin": "^3.0.1",
+    "proc-log": "^3.0.0"
   },
   "repository": {
     "type": "git",

package-lock.json

@@ -87,7 +87,7 @@
         "@npmcli/arborist": "^6.2.9",
         "@npmcli/config": "^6.2.0",
         "@npmcli/map-workspaces": "^3.0.4",
-        "@npmcli/package-json": "^3.1.0",
+        "@npmcli/package-json": "^3.1.1",
         "@npmcli/run-script": "^6.0.2",
         "abbrev": "^2.0.0",
         "archy": "~1.0.0",
@@ -157,7 +157,7 @@
         "@npmcli/docs": "^1.0.0",
         "@npmcli/eslint-config": "^4.0.0",
         "@npmcli/fs": "^3.1.0",
-        "@npmcli/git": "^4.0.4",
+        "@npmcli/git": "^4.1.0",
         "@npmcli/mock-globals": "^1.0.0",
         "@npmcli/mock-registry": "^1.0.0",
         "@npmcli/promise-spawn": "^6.0.2",
@@ -2290,9 +2290,9 @@
       }
     },
     "node_modules/@npmcli/git": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/@npmcli/git/-/git-4.0.4.tgz",
-      "integrity": "sha512-5yZghx+u5M47LghaybLCkdSyFzV/w4OuH12d96HO389Ik9CDsLaDZJVynSGGVJOLn6gy/k7Dz5XYcplM3uxXRg==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/@npmcli/git/-/git-4.1.0.tgz",
+      "integrity": "sha512-9hwoB3gStVfa0N31ymBmrX+GuDGdVA/QWShZVqE0HK2Af+7QGGrCTbZia/SW0ImUTjTne7SP91qxDmtXvDHRPQ==",
       "inBundle": true,
       "dependencies": {
         "@npmcli/promise-spawn": "^6.0.0",
@@ -2394,15 +2394,17 @@
       }
     },
     "node_modules/@npmcli/package-json": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@npmcli/package-json/-/package-json-3.1.0.tgz",
-      "integrity": "sha512-qNPy6Yf9ruFST99xcrl5EWAvrb7qFrwgVbwdzcTJlIgxbArKOq5e/bgZ6rTL1X9hDgAdPbvL8RWx/OTLSB0ToA==",
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@npmcli/package-json/-/package-json-3.1.1.tgz",
+      "integrity": "sha512-+UW0UWOYFKCkvszLoTwrYGrjNrT8tI5Ckeb/h+Z1y1fsNJEctl7HmerA5j2FgmoqFaLI2gsA1X9KgMFqx/bRmA==",
       "inBundle": true,
       "dependencies": {
+        "@npmcli/git": "^4.1.0",
         "glob": "^10.2.2",
         "json-parse-even-better-errors": "^3.0.0",
         "normalize-package-data": "^5.0.0",
-        "npm-normalize-package-bin": "^3.0.1"
+        "npm-normalize-package-bin": "^3.0.1",
+        "proc-log": "^3.0.0"
       },
       "engines": {
         "node": "^14.17.0 || ^16.13.0 || >=18.0.0"

package.json

@@ -57,7 +57,7 @@
     "@npmcli/arborist": "^6.2.9",
     "@npmcli/config": "^6.2.0",
     "@npmcli/map-workspaces": "^3.0.4",
-    "@npmcli/package-json": "^3.1.0",
+    "@npmcli/package-json": "^3.1.1",
     "@npmcli/run-script": "^6.0.2",
     "abbrev": "^2.0.0",
     "archy": "~1.0.0",
@@ -190,7 +190,7 @@
     "@npmcli/docs": "^1.0.0",
     "@npmcli/eslint-config": "^4.0.0",
     "@npmcli/fs": "^3.1.0",
-    "@npmcli/git": "^4.0.4",
+    "@npmcli/git": "^4.1.0",
     "@npmcli/mock-globals": "^1.0.0",
     "@npmcli/mock-registry": "^1.0.0",
     "@npmcli/promise-spawn": "^6.0.2",