Grep the cache for a pattern

A special constant version number/string that points to a "bleeding edge"/master/HEAD version of a particular software would be nice to have. :-)

When you call npm without any arguments, it should drop into a repl where you can issue commands just like you would to the cli, and maybe also have some facilities to inspect things, etc.

If the user has set a local $NODE_PATH, use that instead of $HOME/.node_libraries for installing modules. This will make npm play nicely with nvm.

so that if some wacko changes the binroot, it'll still know where it left stuff.

If you do npm cache add ./my-tarball.tgz it re-writes the tarball with a different root folder name, which changes the filesize and md5.

It'd be better to extract the tarball into the tmp folder, read the package.json, then copy and extract the original tarball to where it belongs, so that you end up with the same thing at the end.

Use abbrev for commands, so that you can do npm inst foo

Pull in abbrev by just adding it to the dependency in package.json.

It seems when you moved install-docs.js, you didn't update the require() paths.

Incoming patch/pull request.

There's some error that's being thrown if the install-docs.js isn't sudo-ed.

Don't throw that error.

Also, the logging around activate sucks. Put back the log message that lists out every lifecycle event.

Put the maintainer in the ls

Provide a hash of packages that conflict with a given version of a package. This is a very unlikely scenario, but it could occur if something puts stuff in the root directly.

Fetch data from the registry, and keep it locally.

Also, any time data is retrieved from the registry, it should be stored.

Put it in .npm/.cache/pkgname.json, and whenever it's read, stat it to see when it was last updated, and go get the new one if it's too old.

Each of these should just run the associated commands specified in the "scripts" section of the package.json. If any of these scripts are missing, then just auto-success.

• start: run scripts.prestart, scripts.start
• stop: run scripts.prestop, scripts.stop
• restart: stop, then start
• test run scripts.test

If the acting user doesn't own the target bin folder (ie, node's installPrefix), then some weird things happen. It just silently fails to link/activate the bins, so the initial npm install fails.

If you sudo, then odd things happen with setting up ~/.node_libraries.

Proposed solution:

Detect this state. If the --root is user-owned, but the {installPrefix}/bin is root-owned, then require npm to be run as root and default the --root config to {installPrefix}/lib.

Put a http server in npm. Then add an "npm registry start" command or something to start up the http server that is a registry. Read data to/from the .cache and serve it up.

really need a better help menu, ideally something that supports:

$ npm help activate

also, when exceptions are thrown before any other actions print the help menu should be thrown for the command that was tried because this is almost always do to improper use of a command.

do this by default

Need a way to:

1. Uninstall ALL versions of a package.
2. Uninstall a package and also uninstall anything that depends on it.
3. Uninstall a package that is active, by deactivating it first.

Add a ".npmignore" file to tell npm not to bundle specific files when publishing or installing a folder.

I'm running node under nvm (~/.nvm/HEAD/bin/node) The npm install fails at the step of activating the docs. The paths are all wrong and it can't find them. I tried removing the scripts entry in package.json so it would stop trying to load the docs, but then I get errors in reading the package.json file. Here's the full output from make install. http://gist.github.com/394607

Be able to specify outside dependencies. Like, maybe specific libraries or executables that must be available.

Maybe a package requires git, or libgd.h or something.

Remove a dist-tag.

Remove a version from the registry

Add a command to add or remove maintainers to a published package.

When publishing, check for the existing maintainers and don't blow them away. Also, if the current user is not in the maintainer list, then raise the error locally rather than waiting for the PUT to fail.

Download tarballs to a sane location, rather than a garbage filename in .tmp.

To do this, whenever a tarball is added to the install list from a package@version thing, put it in a list so that I know which tarball url is related to which package.

Then, if the tarball contains a package that doesn't match the expected package@version, we can fail, and it can be moved/unpacked to a sane spot.

npm update [pkg]

Does the following:

1. check for a new version of pkg
2. if not found, then quit
3. install new version of pkg
4. For each other version of pkg, for each dependent in other version's dependents folder, if the new version would satisfy the dependency as well, update other version's dependent's dependency links to point at the new version
5. If no dependents are left, then remove old version

If no packages are specified, then run for all installed packages.

Depending on config value, update-dependents, run steps 4-5 after installation

• always - Run an update after every install, so as to minimize the different number of versions of things.
• true - Default, run if newly installed version is the highest version number (that is, don't downgrade by default)
• false - Don't run "update" automatically after installation.

NB: The actual updating should be part of the build command, run after dependencies have been linked, and npm update should be implemented thusly:

1. If the args length is 0, then get the list of installed package names, and use that as the args.
2. npm.config.set("auto-update", "always")
3. npm.commands.install(args, cb)

rip:uki :09:02 PM: [~/src] jlilly@argon; npm install irc
npm configfile /home/jlilly/.npmrc
npm sudo false
npm cli [ 'install', 'irc' ]
npm install pkg irc
npm fetch data irc
npm GET irc
npm install pkg irc
npm install pkg [email protected]
npm readJson /home/jlilly/.node_libraries/.npm/.cache/irc/0.1.2/package.json
npm GET irc/0.1.2
npm fetch http://registry.npmjs.org/irc/-/irc-0.1.2.tgz to /home/jlilly/.node_libraries/.npm/.cache/irc/0.1.2/package.tgz
npm fetch http://registry.npmjs.org/irc/-/irc-0.1.2.tgz
npm fetch 1202 bytes
npm fetch 2650 bytes
npm fetch 3869 bytes
npm fetch 5311 bytes
npm fetch 6759 bytes
npm fetch 8207 bytes
npm fetch 9655 bytes
npm fetch 11103 bytes
npm fetch 12061 bytes
npm fetch 12543 bytes
npm fetch 13991 bytes
npm fetch 15439 bytes
npm fetch 16157 bytes
npm fetch 16880 bytes
npm fetch 18328 bytes
npm fetch 18825 bytes
npm fetch finished
npm exec tar "xzf" "/home/jlilly/.node_libraries/.npm/.cache/irc/0.1.2/package.tgz" "--strip" "1" "-C" "/home/jlilly/.node_libraries/.npm/.cache/irc/0.1.2/package"

gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Exiting with failure status due to previous errors
npm fail Error installing [email protected]

npm ! Error: tar failed with 2
at ChildProcess. (/home/jlilly/.node_libraries/.npm/npm/0.1.11/package/lib/utils/exec.js:23:18)
at ChildProcess.emit (events:32:26)
at Stream. (child_process:108:12)
at Stream.emit (events:25:26)
at net:879:12
at EventEmitter._tickCallback (node.js:48:25)
at node.js:204:9

npm failure try running: 'npm help install'
npm failure Report this entire log at http://github.com/isaacs/npm/issues
npm failure or email it to [email protected]
rip:uki :09:02 PM: [~/src] jlilly@argon;

When uploading tarballs to the registry, don't send them to the https url. Change it to http, since it's betterer.

Yeah. Weird one.

Maybe try using fs.read and stream each chunk rather thna fs.readFile and send the whole thing in one go.

The default registry url is https, but when you don't have tls support in node, you get this error:

SyntaxError: Unexpected token ILLEGAL

emopop:~% node -v
0.1.91

using nvm

emopop:~% uname -a
Darwin emopop 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:55:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_I386 i386 i386

emopop:~% node npm/install-npm.js                                        
*
* Warning: Cipher unavailable in this nodejs version (0.1.91)
* Username/password stored in the clear
* To rectify the situation, do this:
* npm install http://github.com/waveto/node-crypto/tarball/v0.0.5
*
npm configfile /Users/jdewey/.npmrc
npm sudo false
npm install pkg npm
npm fetch data npm
npm response

Fail!

SyntaxError: Unexpected token ILLEGAL
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

    at Object.parse (native)
    at IncomingMessage.<anonymous> (/Users/jdewey/npm/lib/utils/registry.js:111:21)
    at HTTPParser.onMessageComplete (http:102:23)
    at Client.ondata (http:601:30)
    at IOWatcher.callback (net:307:31)
    at node.js:748:9

Add the ability to talk to more than one registry, so that it'll work even if one is down, or if packages only exist in certain registries.

Sometimes node isn't actually sitting at {installPrefix}/bin

Verify this before assuming it. Throw with a noisy warning if it's not there.

Maybe it has something to do with the "binary" encoding? Try using buffers directly.

Document all the different bits of how npm handles the json into json.md.

Include anything relevant from the Packages/1.1 spec, insteda of just the deviations.

Because of the way the bin is sym linked from another directory and executed directly it cannot perform imports relative to the actual location of the file.

test ::

lib/bin.js

!/usr/bin/env node

require('./stub')

lib/stub.js
exports.nothing = 'asdf'

Run npm install or link, now execute the named bin and see the failure.

Create a bash-completion script for npm

Use path.relative so that the whole root can be picked up and moved easily, instead of using absolute paths everywhere.

Log:

fidalgo:~/Sites/git/npm (master) $ make
./cli.js --auto-activate always install npm@stable
npm configfile /Users/dand/.npmrc
npm sudo false
npm cli [ '--auto-activate', 'always', 'install', 'npm@stable' ]
npm install pkg npm@stable
npm fetch data npm
npm GET npm
npm install pkg npm@stable
npm install pkg [email protected]
npm readJson /Users/dand/.node_libraries/.npm/.cache/npm/0.1.11/package.json
npm GET npm/0.1.11
npm fetch http://registry.npmjs.org/npm/-/npm-0.1.11.tgz to /Users/dand/.node_libraries/.npm/.cache/npm/0.1.11/package.tgz
npm fetch http://registry.npmjs.org/npm/-/npm-0.1.11.tgz
npm fetch 1201 bytes
npm fetch 3868 bytes
npm fetch 5310 bytes
npm fetch 6758 bytes
npm fetch 8206 bytes
npm fetch 11102 bytes
npm fetch 12060 bytes
npm fetch 13990 bytes
npm fetch 16886 bytes
npm fetch 19782 bytes
npm fetch 20252 bytes
npm fetch 21222 bytes
npm fetch 22670 bytes
npm fetch 24118 bytes
npm fetch 25566 bytes
npm fetch 27014 bytes
npm fetch 28444 bytes
npm fetch 28454 bytes
npm fetch 29902 bytes
npm fetch 30171 bytes
npm fetch 31350 bytes
npm fetch 32798 bytes
npm fetch 34246 bytes
npm fetch 36636 bytes
npm fetch 38582 bytes
npm fetch 41478 bytes
npm fetch 44374 bytes
npm fetch 44828 bytes
npm fetch 47262 bytes
npm fetch 50158 bytes
npm fetch 51606 bytes
npm fetch 53020 bytes
npm fetch 53046 bytes
npm fetch 54494 bytes
npm fetch 55942 bytes
npm fetch 57116 bytes
npm fetch 59879 bytes
npm fetch finished
npm exec tar "xzf" "/Users/dand/.node_libraries/.npm/.cache/npm/0.1.11/package.tgz" "--strip" "1" "-C" "/Users/dand/.node_libraries/.npm/.cache/npm/0.1.11/package"
tar: Unrecognized archive format: Inappropriate file type or format
tar: Error exit delayed from previous errors.
npm fail Error installing [email protected]

npm ! Error: `tar` failed with 1
    at ChildProcess.<anonymous> (/Users/dand/Sites/git/npm/lib/utils/exec.js:23:18)
    at ChildProcess.emit (events:32:26)
    at ChildProcess.onexit (child_process:125:12)
    at node.js:204:9

npm failure try running: 'npm help install'
npm failure Report this *entire* log at <http://github.com/isaacs/npm/issues>
npm failure or email it to <[email protected]>

List remote packages with a special version-ish things.

npm list @remote  # lists all remote packages
npm list @stable # lists remote packages on the stable version
npm list @active # list all local active packages
npm list foo@remote # list remote versions of foo

When I ran "npm adduser" it seemed to create a record on the server, but then failed unable to find my ssh key (because I call it something different to be difficult).

It would be nice to:
a) If it can't find the key, don't create a user on the server
b) Have an option to specify an alternate location for the ssh private key

Search the cache for a specific file

People keep running it directly, and it's not intended to be used that way.

Move it out of the way.

Even though you can have lots of versions of the same npm package, they might require different node versions.

When doing dependency resolution, make sure that all the packages being installed will work with the running version of node.

Be able to set a config option to automatically set a tag on a version when it's published, similar to how you can automatically activate on install.

The option should be --publish-tag, which can be either:

• false: (default) don't tag on publish
• true: same as "stable"
• any other string: give newly published packages this tag.

Bin is documented as:

{ "bin" : { "npm" : "./cli" } }

But using this I actually get a file not found exception. Changing to this:

{ "bin" : { "npm" : "./cli.js" } }

I no longer get the exception. This is either a code bug or a doc bug, I don't know which way you actually intended it to work.

When a command fails, it must be possible to roll back all the changes and leave the system in the state that it was initially.

This is not trivial. Here are some ideas for approaches to this problem, which involve varying tradeoffs.

1. do builds in a "temp root", and then commit by moving it into place at the end.
2. keep track of all changes to the file system, so that they can be restored.
3. make a deep-copy backup of the root, and restore it if the command fails.

Write a script that will:

1. For each version of each package in the repository,
2. If it has a "test" script,
3. For each release version of node that it claims to work on,
4. Use that version of node, install the package, and run its test script

Create a local data store of which versions of packages work on which versions of node.

Need a way to prune inactive packages that are not depended on by anything else.

Change the registry so that it keeps the tarball as a couchdb attachment.

(That's more a change to js-registry, not to npm, but they are related.)

Right now, there's a lot of typing involved in pushing a package.

1. git tag v1.2.3
2. git push --tags
3. npm publish http://github.com/username/project/tarball/v1.2.3

It'd be better to do something like this that would do each of these steps, as necessary:

npm githpub publish v1.2.3

It'd mean probably having to put the github username in the config, or maybe figure it out smartly from the git configs.