update

package/node_modules/libnpmaccess/LICENSE

@@ -0,0 +1,13 @@
+Copyright npm, Inc
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

package/node_modules/libnpmaccess/README.md

@@ -0,0 +1,93 @@
+# libnpmaccess
+
+[![npm version](https://img.shields.io/npm/v/libnpmaccess.svg)](https://npm.im/libnpmaccess)
+[![license](https://img.shields.io/npm/l/libnpmaccess.svg)](https://npm.im/libnpmaccess)
+[![CI - libnpmaccess](https://github.com/npm/cli/actions/workflows/ci-libnpmaccess.yml/badge.svg)](https://github.com/npm/cli/actions/workflows/ci-libnpmaccess.yml)
+
+[`libnpmaccess`](https://github.com/npm/libnpmaccess) is a Node.js
+library that provides programmatic access to the guts of the npm CLI's `npm
+access` command. This includes managing account mfa settings, listing
+packages and permissions, looking at package collaborators, and defining
+package permissions for users, orgs, and teams.
+
+## Example
+
+```javascript
+const access = require('libnpmaccess')
+const opts = { '//registry.npmjs.org/:_authToken: 'npm_token }
+
+// List all packages @zkat has access to on the npm registry.
+console.log(Object.keys(await access.getPackages('zkat', opts)))
+```
+
+### API
+
+#### `opts` for all `libnpmaccess` commands
+
+`libnpmaccess` uses [`npm-registry-fetch`](https://npm.im/npm-registry-fetch).
+
+All options are passed through directly to that library, so please refer
+to [its own `opts`
+documentation](https://www.npmjs.com/package/npm-registry-fetch#fetch-options)
+for options that can be passed in.
+
+#### `spec` parameter for all `libnpmaccess` commands
+
+`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
+registry spec.
+
+#### `access.getCollaborators(spec, opts) -> Promise<Object>`
+
+Gets collaborators for a given package
+
+#### `access.getPackages(user|scope|team, opts) -> Promise<Object>`
+
+Gets all packages for a given user, scope, or team.
+
+Teams should be in the format `scope:team` or `@scope:team`
+
+Users and scopes can be in the format `@scope` or `scope`
+
+#### `access.getVisibility(spec, opts) -> Promise<Object>`
+
+Gets the visibility of a given package
+
+#### `access.removePermissions(team, spec, opts) -> Promise<Boolean>`
+
+Removes the access for a given team to a package.
+
+Teams should be in the format `scope:team` or `@scope:team`
+
+#### `access.setAccess(package, access, opts) -> Promise<Boolean>`
+
+Sets access level for package described by `spec`.
+
+The npm registry accepts the following `access` levels:
+
+`public`: package is public
+`private`: package is private
+
+The npm registry also only allows scoped packages to have their access
+level set.
+
+#### access.setMfa(spec, level, opts) -> Promise<Boolean>`
+
+Sets the publishing mfa requirements for a given package.  Level must be one of the
+following
+
+`none`: mfa is not required to publish this package.
+`publish`: mfa is required to publish this package, automation tokens
+cannot be used to publish.
+`automation`: mfa is required to publish this package, automation tokens
+may also be used for publishing from continuous integration workflows.
+
+#### access.setPermissions(team, spec, permssions, opts) -> Promise<Boolean>`
+
+Sets permissions levels for a given team to a package.
+
+Teams should be in the format `scope:team` or `@scope:team`
+
+The npm registry accepts the following `permissions`:
+
+`read-only`: Read only permissions
+`read-write`: Read and write (aka publish) permissions

package/node_modules/libnpmaccess/lib/index.js

@@ -0,0 +1,140 @@
+'use strict'
+
+const npa = require('npm-package-arg')
+const npmFetch = require('npm-registry-fetch')
+
+const npar = (spec) => {
+  spec = npa(spec)
+  if (!spec.registry) {
+    throw new Error('must use package name only')
+  }
+  return spec
+}
+
+const parseTeam = (scopeTeam) => {
+  let slice = 0
+  if (scopeTeam.startsWith('@')) {
+    slice = 1
+  }
+  const [scope, team] = scopeTeam.slice(slice).split(':').map(encodeURIComponent)
+  return { scope, team }
+}
+
+const getPackages = async (scopeTeam, opts) => {
+  const { scope, team } = parseTeam(scopeTeam)
+
+  let uri
+  if (team) {
+    uri = `/-/team/${scope}/${team}/package`
+  } else {
+    uri = `/-/org/${scope}/package`
+  }
+  try {
+    return await npmFetch.json(uri, opts)
+  } catch (err) {
+    if (err.code === 'E404') {
+      uri = `/-/user/${scope}/package`
+      return npmFetch.json(uri, opts)
+    }
+    throw err
+  }
+}
+
+const getCollaborators = async (pkg, opts) => {
+  const spec = npar(pkg)
+  const uri = `/-/package/${spec.escapedName}/collaborators`
+  return npmFetch.json(uri, opts)
+}
+
+const getVisibility = async (pkg, opts) => {
+  const spec = npar(pkg)
+  const uri = `/-/package/${spec.escapedName}/visibility`
+  return npmFetch.json(uri, opts)
+}
+
+const setAccess = async (pkg, access, opts) => {
+  const spec = npar(pkg)
+  const uri = `/-/package/${spec.escapedName}/access`
+  await npmFetch(uri, {
+    ...opts,
+    method: 'POST',
+    body: { access },
+    spec,
+    ignoreBody: true,
+  })
+  return true
+}
+
+const setMfa = async (pkg, level, opts) => {
+  const spec = npar(pkg)
+  const body = {}
+  switch (level) {
+    case 'none':
+      body.publish_requires_tfa = false
+      break
+    case 'publish':
+      // tfa is required, automation tokens can not override tfa
+      body.publish_requires_tfa = true
+      body.automation_token_overrides_tfa = false
+      break
+    case 'automation':
+      // tfa is required, automation tokens can override tfa
+      body.publish_requires_tfa = true
+      body.automation_token_overrides_tfa = true
+      break
+    default:
+      throw new Error(`Invalid mfa setting ${level}`)
+  }
+  const uri = `/-/package/${spec.escapedName}/access`
+  await npmFetch(uri, {
+    ...opts,
+    method: 'POST',
+    body,
+    spec,
+    ignoreBody: true,
+  })
+  return true
+}
+
+const setPermissions = async (scopeTeam, pkg, permissions, opts) => {
+  const spec = npar(pkg)
+  const { scope, team } = parseTeam(scopeTeam)
+  if (!scope || !team) {
+    throw new Error('team must be in format `scope:team`')
+  }
+  const uri = `/-/team/${scope}/${team}/package`
+  await npmFetch(uri, {
+    ...opts,
+    method: 'PUT',
+    body: { package: spec.name, permissions },
+    scope,
+    spec,
+    ignoreBody: true,
+  })
+  return true
+}
+
+const removePermissions = async (scopeTeam, pkg, opts) => {
+  const spec = npar(pkg)
+  const { scope, team } = parseTeam(scopeTeam)
+  const uri = `/-/team/${scope}/${team}/package`
+  await npmFetch(uri, {
+    ...opts,
+    method: 'DELETE',
+    body: { package: spec.name },
+    scope,
+    spec,
+    ignoreBody: true,
+  })
+  return true
+}
+
+module.exports = {
+  getCollaborators,
+  getPackages,
+  getVisibility,
+  removePermissions,
+  setAccess,
+  setMfa,
+  setPermissions,
+}

package/node_modules/libnpmaccess/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "libnpmaccess",
+  "version": "8.0.6",
+  "description": "programmatic library for `npm access` commands",
+  "author": "GitHub Inc.",
+  "license": "ISC",
+  "main": "lib/index.js",
+  "scripts": {
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
+    "test": "tap",
+    "postlint": "template-oss-check",
+    "lintfix": "npm run lint -- --fix",
+    "snap": "tap",
+    "posttest": "npm run lint",
+    "template-oss-apply": "template-oss-apply --force"
+  },
+  "devDependencies": {
+    "@npmcli/eslint-config": "^4.0.0",
+    "@npmcli/mock-registry": "^1.0.0",
+    "@npmcli/template-oss": "4.22.0",
+    "nock": "^13.3.3",
+    "tap": "^16.3.8"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/npm/cli.git",
+    "directory": "workspaces/libnpmaccess"
+  },
+  "bugs": "https://github.com/npm/libnpmaccess/issues",
+  "homepage": "https://npmjs.com/package/libnpmaccess",
+  "dependencies": {
+    "npm-package-arg": "^11.0.2",
+    "npm-registry-fetch": "^17.0.1"
+  },
+  "engines": {
+    "node": "^16.14.0 || >=18.0.0"
+  },
+  "files": [
+    "bin/",
+    "lib/"
+  ],
+  "templateOSS": {
+    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
+    "version": "4.22.0",
+    "content": "../../scripts/template-oss/index.js"
+  },
+  "tap": {
+    "nyc-arg": [
+      "--exclude",
+      "tap-snapshots/**"
+    ]
+  }
+}