diff --git a/content/cli/v10/commands/npm-audit.md b/content/cli/v10/commands/npm-audit.md index dfa91d41444..e6d62c9280f 100644 --- a/content/cli/v10/commands/npm-audit.md +++ b/content/cli/v10/commands/npm-audit.md @@ -63,6 +63,13 @@ vulnerability is found. It may be useful in CI environments to include the will cause the command to fail. This option does not filter the report output, it simply changes the command's failure threshold. +### Package lock + +By default npm requires a package-lock or shrinkwrap in order to run the +audit. You can bypass the package lock with `--no-package-lock` but be +aware the results may be different with every run, since npm will +re-build the dependency tree each time. + ### Audit Signatures To ensure the integrity of packages you download from the public npm registry, or any registry that supports signatures, you can verify the registry signatures of downloaded packages using the npm CLI. @@ -352,6 +359,16 @@ For `list` this means the output will be based on the tree described by the +#### `package-lock` + +* Default: true +* Type: Boolean + +If set to false, then ignore `package-lock.json` files when installing. This +will also prevent _writing_ `package-lock.json` if `save` is true. + + + #### `omit` * Default: 'dev' if the `NODE_ENV` environment variable is set to @@ -372,6 +389,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `foreground-scripts` * Default: false diff --git a/content/cli/v10/commands/npm-ci.md b/content/cli/v10/commands/npm-ci.md index b8de7afce02..7aee6a0a753 100644 --- a/content/cli/v10/commands/npm-ci.md +++ b/content/cli/v10/commands/npm-ci.md @@ -163,6 +163,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `strict-peer-deps` * Default: false diff --git a/content/cli/v10/commands/npm-dedupe.md b/content/cli/v10/commands/npm-dedupe.md index 2396c53ede3..42005797793 100644 --- a/content/cli/v10/commands/npm-dedupe.md +++ b/content/cli/v10/commands/npm-dedupe.md @@ -199,6 +199,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `ignore-scripts` * Default: false diff --git a/content/cli/v10/commands/npm-doctor.md b/content/cli/v10/commands/npm-doctor.md index 41db313286e..6f7d35f3ded 100644 --- a/content/cli/v10/commands/npm-doctor.md +++ b/content/cli/v10/commands/npm-doctor.md @@ -1,7 +1,7 @@ --- title: npm-doctor section: 1 -description: Check your npm environment +description: Check the health of your npm environment github_repo: npm/cli github_branch: latest github_path: docs/lib/content/commands/npm-doctor.md diff --git a/content/cli/v10/commands/npm-find-dupes.md b/content/cli/v10/commands/npm-find-dupes.md index 0b49c9245e8..d5541cbabb5 100644 --- a/content/cli/v10/commands/npm-find-dupes.md +++ b/content/cli/v10/commands/npm-find-dupes.md @@ -139,6 +139,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `ignore-scripts` * Default: false diff --git a/content/cli/v10/commands/npm-init.md b/content/cli/v10/commands/npm-init.md index 78c842eb5af..75d7411dfde 100644 --- a/content/cli/v10/commands/npm-init.md +++ b/content/cli/v10/commands/npm-init.md @@ -187,6 +187,56 @@ dot to represent the current directory in that context, e.g: `react-app .`: ### Configuration +#### `init-author-name` + +* Default: "" +* Type: String + +The value `npm init` should use by default for the package author's name. + + + +#### `init-author-url` + +* Default: "" +* Type: "" or URL + +The value `npm init` should use by default for the package author's +homepage. + + + +#### `init-license` + +* Default: "ISC" +* Type: String + +The value `npm init` should use by default for the package license. + + + +#### `init-module` + +* Default: "~/.npm-init.js" +* Type: Path + +A module that will be loaded by the `npm init` command. See the +documentation for the +[init-package-json](https://github.com/npm/init-package-json) module for +more information, or [npm init](/cli/v10/commands/npm-init). + + + +#### `init-version` + +* Default: "1.0.0" +* Type: SemVer string + +The value that `npm init` should use by default for the package version +number, if not already set in package.json. + + + #### `yes` * Default: null diff --git a/content/cli/v10/commands/npm-install-ci-test.md b/content/cli/v10/commands/npm-install-ci-test.md index 1e034b79826..10c61cbb7fe 100644 --- a/content/cli/v10/commands/npm-install-ci-test.md +++ b/content/cli/v10/commands/npm-install-ci-test.md @@ -109,6 +109,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `strict-peer-deps` * Default: false diff --git a/content/cli/v10/commands/npm-install-test.md b/content/cli/v10/commands/npm-install-test.md index 63328876df4..19c451c6e3b 100644 --- a/content/cli/v10/commands/npm-install-test.md +++ b/content/cli/v10/commands/npm-install-test.md @@ -150,6 +150,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `strict-peer-deps` * Default: false diff --git a/content/cli/v10/commands/npm-install.md b/content/cli/v10/commands/npm-install.md index 4b23c2d9316..32ffe4c1040 100644 --- a/content/cli/v10/commands/npm-install.md +++ b/content/cli/v10/commands/npm-install.md @@ -540,6 +540,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `strict-peer-deps` * Default: false diff --git a/content/cli/v10/commands/npm-link.md b/content/cli/v10/commands/npm-link.md index 1f825e3b178..0e1d6ef8934 100644 --- a/content/cli/v10/commands/npm-link.md +++ b/content/cli/v10/commands/npm-link.md @@ -272,6 +272,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `ignore-scripts` * Default: false diff --git a/content/cli/v10/commands/npm-ls.md b/content/cli/v10/commands/npm-ls.md index 1395b5d4ed6..09eabeda6c9 100644 --- a/content/cli/v10/commands/npm-ls.md +++ b/content/cli/v10/commands/npm-ls.md @@ -58,7 +58,7 @@ packages will *also* show the paths to the specified packages. For example, running `npm ls promzard` in npm's source tree will show: ```bash -npm@10.1.0 /path/to/npm +npm@10.2.0 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 ``` @@ -196,6 +196,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `link` * Default: false diff --git a/content/cli/v10/commands/npm-prune.md b/content/cli/v10/commands/npm-prune.md index dff3f1f2a9e..249b9db5d6e 100644 --- a/content/cli/v10/commands/npm-prune.md +++ b/content/cli/v10/commands/npm-prune.md @@ -86,6 +86,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `dry-run` * Default: false diff --git a/content/cli/v10/commands/npm-query.md b/content/cli/v10/commands/npm-query.md index dc35d3fba4e..627a6672d55 100644 --- a/content/cli/v10/commands/npm-query.md +++ b/content/cli/v10/commands/npm-query.md @@ -166,6 +166,19 @@ npm query ":type(git)" | jq 'map(.name)' | xargs -I {} npm why {} }, ... ``` +### Package lock only mode + +If package-lock-only is enabled, only the information in the package +lock (or shrinkwrap) is loaded. This means that information from the +package.json files of your dependencies will not be included in the +result set (e.g. description, homepage, engines). + +### Package lock only mode + +If package-lock-only is enabled, only the information in the package +lock (or shrinkwrap) is loaded. This means that information from the +package.json files of your dependencies will not be included in the +result set (e.g. description, homepage, engines). ### Configuration @@ -237,6 +250,22 @@ all workspaces via the `workspaces` flag, will cause npm to operate only on the specified workspaces, and not on the root project. This value is not exported to the environment for child processes. + +#### `package-lock-only` + +* Default: false +* Type: Boolean + +If set to true, the current operation will only use the `package-lock.json`, +ignoring `node_modules`. + +For `update` this means only the `package-lock.json` will be updated, +instead of checking `node_modules` and downloading dependencies. + +For `list` this means the output will be based on the tree described by the +`package-lock.json`, rather than the contents of `node_modules`. + + ## See Also * [dependency selectors](/cli/v10/using-npm/dependency-selectors) diff --git a/content/cli/v10/commands/npm-sbom.md b/content/cli/v10/commands/npm-sbom.md new file mode 100644 index 00000000000..3bcee48dc80 --- /dev/null +++ b/content/cli/v10/commands/npm-sbom.md @@ -0,0 +1,350 @@ +--- +title: npm-sbom +section: 1 +description: Generate a Software Bill of Materials (SBOM) +github_repo: npm/cli +github_branch: latest +github_path: docs/lib/content/commands/npm-sbom.md +redirect_from: + - /cli-commands/npm-sbom + - /cli-commands/sbom + - /cli-documentation/cli-commands/npm-sbom + - /cli-documentation/cli-commands/sbom + - /cli-documentation/commands/npm-sbom + - /cli-documentation/commands/sbom + - /cli-documentation/npm-sbom + - /cli-documentation/sbom + - /cli-documentation/v10/cli-commands/npm-sbom + - /cli-documentation/v10/cli-commands/sbom + - /cli-documentation/v10/commands/npm-sbom + - /cli-documentation/v10/commands/sbom + - /cli-documentation/v10/npm-sbom + - /cli-documentation/v10/sbom + - /cli/cli-commands/npm-sbom + - /cli/cli-commands/sbom + - /cli/commands/npm-sbom + - /cli/commands/sbom + - /cli/npm-sbom + - /cli/sbom + - /cli/v10/cli-commands/npm-sbom + - /cli/v10/cli-commands/sbom + - /cli/v10/commands/sbom + - /cli/v10/npm-sbom + - /cli/v10/sbom + - /commands/npm-sbom + - /commands/sbom +--- + +### Synopsis + +```bash +npm sbom +``` + +### Description + +The `npm sbom` command generates a Software Bill of Materials (SBOM) listing the +dependencies for the current project. SBOMs can be generated in either +[SPDX](https://spdx.dev/) or [CycloneDX](https://cyclonedx.org/) format. + +### Example CycloneDX SBOM + +```json +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:09f55116-97e1-49cf-b3b8-44d0207e7730", + "version": 1, + "metadata": { + "timestamp": "2023-09-01T00:00:00.001Z", + "lifecycles": [ + { + "phase": "build" + } + ], + "tools": [ + { + "vendor": "npm", + "name": "cli", + "version": "10.1.0" + } + ], + "component": { + "bom-ref": "simple@1.0.0", + "type": "library", + "name": "simple", + "version": "1.0.0", + "scope": "required", + "author": "John Doe", + "description": "simple react app", + "purl": "pkg:npm/simple@1.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } + ], + "externalReferences": [], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ] + } + }, + "components": [ + { + "bom-ref": "lodash@4.17.21", + "type": "library", + "name": "lodash", + "version": "4.17.21", + "scope": "required", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "purl": "pkg:npm/lodash@4.17.21", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ], + "externalReferences": [ + { + "type": "distribution", + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" + }, + { + "type": "vcs", + "url": "git+https://github.com/lodash/lodash.git" + }, + { + "type": "website", + "url": "https://lodash.com/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/lodash/lodash/issues" + } + ], + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ] + } + ], + "dependencies": [ + { + "ref": "simple@1.0.0", + "dependsOn": [ + "lodash@4.17.21" + ] + }, + { + "ref": "lodash@4.17.21", + "dependsOn": [] + } + ] +} +``` + +### Example SPDX SBOM + +```json +{ + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "simple@1.0.0", + "documentNamespace": "http://spdx.org/spdxdocs/simple-1.0.0-bf81090e-8bbc-459d-bec9-abeb794e096a", + "creationInfo": { + "created": "2023-09-01T00:00:00.001Z", + "creators": [ + "Tool: npm/cli-10.1.0" + ] + }, + "documentDescribes": [ + "SPDXRef-Package-simple-1.0.0" + ], + "packages": [ + { + "name": "simple", + "SPDXID": "SPDXRef-Package-simple-1.0.0", + "versionInfo": "1.0.0", + "packageFileName": "", + "description": "simple react app", + "primaryPackagePurpose": "LIBRARY", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "homepage": "NOASSERTION", + "licenseDeclared": "MIT", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/simple@1.0.0" + } + ] + }, + { + "name": "lodash", + "SPDXID": "SPDXRef-Package-lodash-4.17.21", + "versionInfo": "4.17.21", + "packageFileName": "node_modules/lodash", + "description": "Lodash modular utilities.", + "downloadLocation": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "filesAnalyzed": false, + "homepage": "https://lodash.com/", + "licenseDeclared": "MIT", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/lodash@4.17.21" + } + ], + "checksums": [ + { + "algorithm": "SHA512", + "checksumValue": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ] + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Package-simple-1.0.0", + "relationshipType": "DESCRIBES" + }, + { + "spdxElementId": "SPDXRef-Package-simple-1.0.0", + "relatedSpdxElement": "SPDXRef-Package-lodash-4.17.21", + "relationshipType": "DEPENDS_ON" + } + ] +} +``` + +### Package lock only mode + +If package-lock-only is enabled, only the information in the package +lock (or shrinkwrap) is loaded. This means that information from the +package.json files of your dependencies will not be included in the +result set (e.g. description, homepage, engines). + +### Configuration + +#### `omit` + +* Default: 'dev' if the `NODE_ENV` environment variable is set to + 'production', otherwise empty. +* Type: "dev", "optional", or "peer" (can be set multiple times) + +Dependency types to omit from the installation tree on disk. + +Note that these dependencies _are_ still resolved and added to the +`package-lock.json` or `npm-shrinkwrap.json` file. They are just not +physically installed on disk. + +If a package type appears in both the `--include` and `--omit` lists, then +it will be included. + +If the resulting omit list includes `'dev'`, then the `NODE_ENV` environment +variable will be set to `'production'` for all lifecycle scripts. + + + +#### `package-lock-only` + +* Default: false +* Type: Boolean + +If set to true, the current operation will only use the `package-lock.json`, +ignoring `node_modules`. + +For `update` this means only the `package-lock.json` will be updated, +instead of checking `node_modules` and downloading dependencies. + +For `list` this means the output will be based on the tree described by the +`package-lock.json`, rather than the contents of `node_modules`. + + + +#### `sbom-format` + +* Default: null +* Type: "cyclonedx" or "spdx" + +SBOM format to use when generating SBOMs. + + + +#### `sbom-type` + +* Default: "library" +* Type: "library", "application", or "framework" + +The type of package described by the generated SBOM. For SPDX, this is the +value for the `primaryPackagePurpose` fieled. For CycloneDX, this is the +value for the `type` field. + + + +#### `workspace` + +* Default: +* Type: String (can be set multiple times) + +Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option. + +Valid values for the `workspace` config are either: + +* Workspace names +* Path to a workspace directory +* Path to a parent workspace directory (will result in selecting all + workspaces within that folder) + +When set for the `npm init` command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project. + +This value is not exported to the environment for child processes. + +#### `workspaces` + +* Default: null +* Type: null or Boolean + +Set to true to run the command in the context of **all** configured +workspaces. + +Explicitly setting this to false will cause commands like `install` to +ignore workspaces altogether. When not set explicitly: + +- Commands that operate on the `node_modules` tree (install, update, etc.) +will link workspaces into the `node_modules` folder. - Commands that do +other things (test, exec, publish, etc.) will operate on the root project, +_unless_ one or more workspaces are specified in the `workspace` config. + +This value is not exported to the environment for child processes. +## See Also + +* [package spec](/cli/v10/using-npm/package-spec) +* [dependency selectors](/cli/v10/using-npm/dependency-selectors) +* [package.json](/cli/v10/configuring-npm/package-json) +* [workspaces](/cli/v10/using-npm/workspaces) + diff --git a/content/cli/v10/commands/npm-update.md b/content/cli/v10/commands/npm-update.md index 7e9eb1cfb47..3b95f296c66 100644 --- a/content/cli/v10/commands/npm-update.md +++ b/content/cli/v10/commands/npm-update.md @@ -278,6 +278,20 @@ variable will be set to `'production'` for all lifecycle scripts. +#### `include` + +* Default: +* Type: "prod", "dev", "optional", or "peer" (can be set multiple times) + +Option that allows for defining which types of dependencies to install. + +This is the inverse of `--omit=`. + +Dependency types specified in `--include` will not be omitted, regardless of +the order in which omit/include are specified on the command-line. + + + #### `strict-peer-deps` * Default: false diff --git a/content/cli/v10/commands/npm.md b/content/cli/v10/commands/npm.md index 808eafe3af4..86f74368b91 100644 --- a/content/cli/v10/commands/npm.md +++ b/content/cli/v10/commands/npm.md @@ -31,7 +31,7 @@ Note: This command is unaware of workspaces. ### Version -10.1.0 +10.2.0 ### Description diff --git a/content/cli/v10/using-npm/changelog.md b/content/cli/v10/using-npm/changelog.md index ab2e176ab21..78cea1ef2fa 100644 --- a/content/cli/v10/using-npm/changelog.md +++ b/content/cli/v10/using-npm/changelog.md @@ -17,6 +17,46 @@ redirect_from: # Changelog +## [10.2.0](https://github.com/npm/cli/compare/v10.1.0...v10.2.0) (2023-10-02) + +### Features + +* [`7c459d2`](https://github.com/npm/cli/commit/7c459d28ca987264028d4d2ca21b0825493c1537) [#6801](https://github.com/npm/cli/pull/6801) add npm sbom command (#6801) (@bdehamer) +* [`81a460f`](https://github.com/npm/cli/commit/81a460f6e6317aca2288d16cda591aa6541540c6) [#6732](https://github.com/npm/cli/pull/6732) add package-lock-only mode to npm query (@wraithgar) +* [`0d29855`](https://github.com/npm/cli/commit/0d2985535c9cc3dfc3e1f355580570c9cce37d61) [#6732](https://github.com/npm/cli/pull/6732) add no-package-lock mode to npm audit (@wraithgar) + +### Bug Fixes + +* [`2207628`](https://github.com/npm/cli/commit/22076286a46499e3d0b3f8564b7ba07008317be4) [#6823](https://github.com/npm/cli/pull/6823) use strip-ansi module instead of internal regex (#6823) (@wraithgar) +* [`d46d052`](https://github.com/npm/cli/commit/d46d0526be12eae2cd458fd08dd5c0a0320cc8bd) [#6798](https://github.com/npm/cli/pull/6798) tolerate null bugs URLs (#6798) (@vladh) +* [`fb1b674`](https://github.com/npm/cli/commit/fb1b6741bd52d865b8f8a93ad3fd6c8afa758b6a) [#6758](https://github.com/npm/cli/pull/6758) deprecate: ignore implicit workspace mode (#6758) (@wraithgar) + +### Documentation + +* [`68031f2`](https://github.com/npm/cli/commit/68031f2ae1cd5d49b0fb263da1a7eae62712ff97) [#6844](https://github.com/npm/cli/pull/6844) update `CONTRIBUTING.md` to prevent errors (#6844) (@darcyclarke) +* [`3ac703c`](https://github.com/npm/cli/commit/3ac703c95e7bb851d0f6145f1d612749ed479fef) [#6831](https://github.com/npm/cli/pull/6831) add `include `param to commands that have `omit` param (#6831) (@siemhesda) +* [`03912db`](https://github.com/npm/cli/commit/03912dbaeb92559270ab3f7df75b507b2f35a119) [#6819](https://github.com/npm/cli/pull/6819) add init-specific params to init docs/help (#6819) (@wraithgar) +* [`8088325`](https://github.com/npm/cli/commit/8088325281bc976e8a8aea4d7527b54f4e25fb5f) [#6800](https://github.com/npm/cli/pull/6800) Update npm-doctor.md (#6800) (@siemhesda) + +### Dependencies + +* [`aa6728b`](https://github.com/npm/cli/commit/aa6728b1d003f0fc620b074ba0396a3e07f2db6a) [#6859](https://github.com/npm/cli/pull/6859) `tar@6.2.0` +* [`ce9089f`](https://github.com/npm/cli/commit/ce9089f604a01297d3d2dd544283696a6297dce5) [#6859](https://github.com/npm/cli/pull/6859) `npm-package-arg@11.0.1` +* [`39d7f04`](https://github.com/npm/cli/commit/39d7f046f1c39017b398cb242ad07e874484e86c) [#6859](https://github.com/npm/cli/pull/6859) `minipass@7.0.4` +* [`0a47af5`](https://github.com/npm/cli/commit/0a47af509d66071908c7e0bf065dcf2f4c877669) [#6859](https://github.com/npm/cli/pull/6859) `hosted-git-info@7.0.1` +* [`af93130`](https://github.com/npm/cli/commit/af93130fe949f07df23891286c634c77ecf38c53) [#6859](https://github.com/npm/cli/pull/6859) `glob@10.3.10` +* [`3ebc474`](https://github.com/npm/cli/commit/3ebc4744433d906e5c491d183fc077ffe79958cf) [#6859](https://github.com/npm/cli/pull/6859) `@npmcli/query@3.0.1` +* [`284cbfd`](https://github.com/npm/cli/commit/284cbfd168879b9277c9999e8a28dad8f72ecc02) [#6858](https://github.com/npm/cli/pull/6858) `@npmcli/agent@2.2.0` +* [Workspace](https://github.com/npm/cli/releases/tag/arborist-v7.2.0): `@npmcli/arborist@7.2.0` +* [Workspace](https://github.com/npm/cli/releases/tag/config-v8.0.0): `@npmcli/config@8.0.0` +* [Workspace](https://github.com/npm/cli/releases/tag/libnpmaccess-v8.0.1): `libnpmaccess@8.0.1` +* [Workspace](https://github.com/npm/cli/releases/tag/libnpmdiff-v6.0.2): `libnpmdiff@6.0.2` +* [Workspace](https://github.com/npm/cli/releases/tag/libnpmexec-v7.0.2): `libnpmexec@7.0.2` +* [Workspace](https://github.com/npm/cli/releases/tag/libnpmfund-v5.0.0): `libnpmfund@5.0.0` +* [Workspace](https://github.com/npm/cli/releases/tag/libnpmorg-v6.0.1): `libnpmorg@6.0.1` +* [Workspace](https://github.com/npm/cli/releases/tag/libnpmpack-v6.0.2): `libnpmpack@6.0.2` +* [Workspace](https://github.com/npm/cli/releases/tag/libnpmpublish-v9.0.1): `libnpmpublish@9.0.1` + ## [10.1.0](https://github.com/npm/cli/compare/v10.0.0...v10.1.0) (2023-09-08) ### Features diff --git a/content/cli/v10/using-npm/config.md b/content/cli/v10/using-npm/config.md index 3f1d261e15c..4d21b30d22b 100644 --- a/content/cli/v10/using-npm/config.md +++ b/content/cli/v10/using-npm/config.md @@ -1371,6 +1371,26 @@ or `--save-optional` are true. +#### `sbom-format` + +* Default: null +* Type: "cyclonedx" or "spdx" + +SBOM format to use when generating SBOMs. + + + +#### `sbom-type` + +* Default: "library" +* Type: "library", "application", or "framework" + +The type of package described by the generated SBOM. For SPDX, this is the +value for the `primaryPackagePurpose` fieled. For CycloneDX, this is the +value for the `type` field. + + + #### `scope` * Default: the scope of the current project, if any, or "" diff --git a/src/theme/nav.yml b/src/theme/nav.yml index 63c2d0d6de5..948540c7712 100644 --- a/src/theme/nav.yml +++ b/src/theme/nav.yml @@ -1317,7 +1317,7 @@ - title: Changelog url: /cli/v9/using-npm/changelog description: Changelog notes for each version - - title: Version 10.1.0 (Latest Release) + - title: Version 10.2.0 (Latest Release) shortName: v10 url: /cli/v10 default: true