groupId doesn't work in NPM 7 and 8 #395

amclin · 2022-01-11T16:30:51Z

Describe the bug
NPM package setting configurations don't work with Node 8. GroupId is no longer passed through from package.json to the generated package

To Reproduce
Steps to reproduce the behavior:

Set the groupId in package.json
Run aem-packager
Observe the contents of the generated package

Expected behavior
GroupId is passed through

Screenshots and Logs

Environment (please complete the following information):

OS: OSX
Version: Monterey
NodeJS Version: v16.13.0
NPM Version: v8.1.0

Additional context
Starting in NPM 8 (possibly NPM 7? but that's not a LTS version) the variables in process.env that are namespaced npm_package_ are no longer available. The only one passed through is npm_package_version. Other expected ones like npm_package_aem-packager_groupId are no longer available, presumably for security reasons. See #385

Needs some research to identify the preferred method of passing these variables in newer NPM and if this breaks the various methods currently supported for providing configurations to aem-packager
npm/cli#2609
https://github.com/npm/rfcs/blob/main/implemented/0021-reduce-lifecycle-script-environment.md

The text was updated successfully, but these errors were encountered:

amclin · 2022-01-11T17:25:25Z

From some initial reading, NPM 7/8 provides two solutions for this:

Using the npm_package_config_ namespace instead of npm_package_. From how the documentation is worded, this seems like a special case for backwards compatibility, implying it may not be supported in the future
Provides the path to the package.json as a variable in process.env so the consuming script can do its own loading and parsing. This seems a bit messy to me, as now the consuming script has to do the heavy lifting of reading from the filesystem and parsing JSON, but I get why they want to reduce the size of the overall object being passed around. This might be the more future-proof approach.

Approach #2 could allow for supporting the current configurations on NPM 8 without making a breaking change in this package, but would still require adding version detection and continuing to supporting logic for NPM 4-6. Approach #1 could be done in a non-breaking way, would also introduce version detection logic, but the old config locations would never work in NPM 7 and above. Having two potential structures for configuration will cause consumer confusion, and thus potentially far more bug reports for as long as both configuration specifications are supported.

Need to decide if this will be implemented as a breaking change.

Fixes #395

# [3.1.0](v3.0.0...v3.1.0) (2022-07-09) ### Features * support for NPM v7 and later ([688a958](688a958)), closes [#395](#395)

amclin · 2022-07-09T02:05:40Z

🎉 This issue has been resolved in version 3.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

# 1.0.0 (2024-05-23) ### Bug Fixes * **ci:** improve release versioning ([c6f5f67](c6f5f67)) * config merge fix ([e31e2a1](e31e2a1)), closes [amclin#486](https://github.com/friendlymahi/aem-packager/issues/486) * configs were not loading from package.json ([00b5501](00b5501)) * **deps-dev:** [security] bump minimist and semantic-release ([63db0cc](63db0cc)) * **deps:** [security] bump acorn from 7.0.0 to 7.1.1 ([1699dd0](1699dd0)) * **deps:** [security] bump glob-parent from 5.1.0 to 5.1.2 ([81e0bfa](81e0bfa)) * **deps:** [security] bump hosted-git-info from 2.7.1 to 2.8.9 ([50fb816](50fb816)) * **deps:** [security] bump ini from 1.3.5 to 1.3.7 ([3420d61](3420d61)) * **deps:** [security] bump lodash from 4.17.19 to 4.17.21 ([a015813](a015813)) * **deps:** [security] bump minimist from 1.2.0 to 1.2.5 ([15c5974](15c5974)) * **deps:** [security] bump npm from 6.13.0 to 6.13.4 ([090745e](090745e)) * **deps:** [security] bump npm-registry-fetch from 4.0.3 to 4.0.5 ([35b29a6](35b29a6)) * **deps:** [security] bump npm-user-validate from 1.0.0 to 1.0.1 ([2c163c2](2c163c2)) * **deps:** [security] bump npm-user-validate from 1.0.0 to 1.0.1 ([21014ec](21014ec)) * **deps:** [security] bump trim-newlines from 3.0.0 to 3.0.1 ([a4aec8f](a4aec8f)) * **deps:** [security] bump y18n from 4.0.0 to 4.0.1 ([25ef707](25ef707)) * **deps:** adopt Husky 5 syntax for automating checks ([57fcedd](57fcedd)) * **deps:** auto-bump version numbers when dependencies update ([427003e](427003e)) * **deps:** bump ansi-regex from 5.0.0 to 5.0.1 ([e809384](e809384)) * **deps:** bump command-line-args from 5.1.1 to 5.1.3 ([eb1edf4](eb1edf4)) * **deps:** bump command-line-args from 5.1.3 to 5.2.0 ([bb4eb3f](bb4eb3f)) * **deps:** bump command-line-args from 5.2.0 to 5.2.1 ([90cd173](90cd173)) * **deps:** bump json5 from 1.0.1 to 1.0.2 ([0377874](0377874)) * **deps:** bump maven from 4.7.0 to 5.0.0 ([ada25d3](ada25d3)) * **deps:** bump minimist from 1.2.5 to 1.2.6 ([27910f2](27910f2)) * **deps:** bump node-fetch from 2.6.6 to 2.6.7 ([b9705fa](b9705fa)) * **deps:** bump npm from 8.8.0 to 8.11.0 ([d745e7b](d745e7b)) * **deps:** bump path-parse from 1.0.6 to 1.0.7 ([fe35624](fe35624)) * **deps:** bump read-config-file from 5.0.0 to 5.0.1 ([9d85306](9d85306)) * **deps:** bump read-config-file from 5.0.1 to 5.0.2 ([3ed6c0d](3ed6c0d)) * **deps:** bump read-config-file from 5.0.2 to 6.0.0 ([3887115](3887115)) * **deps:** bump read-config-file from 6.0.0 to 6.1.0 ([e8f1506](e8f1506)) * **deps:** bump read-config-file from 6.1.0 to 6.2.0 ([969258d](969258d)) * **deps:** bump read-config-file from 6.2.0 to 6.3.2 ([869ea07](869ea07)) * **deps:** bump shell-quote from 1.6.1 to 1.7.3 ([cbc3cde](cbc3cde)) * **deps:** bump yaml, cosmiconfig and semantic-release ([952eb2f](952eb2f)) * **deps:** bump yargs-parser and yargs ([7d98d22](7d98d22)) * **deps:** resolve dependency changes in package.json ([8500be4](8500be4)) * **deps:** update eslint dev dependencies ([f5728ba](f5728ba)) * husky was preventing package from being installable ([b15f019](b15f019)) * jcrPath option not working fixes [amclin#40](https://github.com/friendlymahi/aem-packager/issues/40) ([a7a0fb6](a7a0fb6)) * maven failing to resolve Adobe vault plugin ([6611718](6611718)) * options mapped properly ([ac170b8](ac170b8)) * **package:** update read-config-file to version 4.0.0 ([237ea6a](237ea6a)) * **package:** update read-config-file to version 5.0.0 ([841a755](841a755)) * updated docs instead of var def ([a1a39e1](a1a39e1)) ### Continuous Integration * specify node versions by keyword ([ad10b13](ad10b13)) ### Features * bump minimum Node from v12 to v14 ([e67c5e5](e67c5e5)) * **deps:** enforce minimum Node v12 ([1273dac](1273dac)), closes [amclin#222](https://github.com/friendlymahi/aem-packager/issues/222) * **deps:** remove lodash dependency ([3775405](3775405)) * jackrabbit package plugin ([d331897](d331897)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * jackrabbit package plugin ([4b64ecf](4b64ecf)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * jackrabbit package plugin ([84a7a87](84a7a87)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * jackrabbit package plugin ([61ed2da](61ed2da)) * jackrabbit package plugin ([f9f1f14](f9f1f14)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * support for NPM v7 and later ([688a958](688a958)), closes [amclin#395](https://github.com/friendlymahi/aem-packager/issues/395) * switch to jackrabbit for content packaging ([2b2e7ca](2b2e7ca)) * verify maven is available when installing ([4447b30](4447b30)) * version bump for breaking change ([0b11cb8](0b11cb8)) ### BREAKING CHANGES * no longer contains the necessary maven plugins for CRX deployment functionalitty. To add legacy CRX support on top of Jackrabbit, set the new option `legacyCRXSupport` to true. To restore the old `aem-packager` functionality entirely, set the new option `packager` to `jcrvault` * drop support for Node v12 No explicit functional changes or library dependencies currently need v14, so technically it may still work on v12, but is unsupported and no longer tested. * drop support for Node 12 * now requires Node v12

# 1.0.0 (2024-05-23) ### Bug Fixes * **ci:** improve release versioning ([c6f5f67](c6f5f67)) * config merge fix ([e31e2a1](e31e2a1)), closes [amclin#486](https://github.com/friendlymahi/aem-packager/issues/486) * configs were not loading from package.json ([00b5501](00b5501)) * **deps-dev:** [security] bump minimist and semantic-release ([63db0cc](63db0cc)) * **deps:** [security] bump acorn from 7.0.0 to 7.1.1 ([1699dd0](1699dd0)) * **deps:** [security] bump glob-parent from 5.1.0 to 5.1.2 ([81e0bfa](81e0bfa)) * **deps:** [security] bump hosted-git-info from 2.7.1 to 2.8.9 ([50fb816](50fb816)) * **deps:** [security] bump ini from 1.3.5 to 1.3.7 ([3420d61](3420d61)) * **deps:** [security] bump lodash from 4.17.19 to 4.17.21 ([a015813](a015813)) * **deps:** [security] bump minimist from 1.2.0 to 1.2.5 ([15c5974](15c5974)) * **deps:** [security] bump npm from 6.13.0 to 6.13.4 ([090745e](090745e)) * **deps:** [security] bump npm-registry-fetch from 4.0.3 to 4.0.5 ([35b29a6](35b29a6)) * **deps:** [security] bump npm-user-validate from 1.0.0 to 1.0.1 ([2c163c2](2c163c2)) * **deps:** [security] bump npm-user-validate from 1.0.0 to 1.0.1 ([21014ec](21014ec)) * **deps:** [security] bump trim-newlines from 3.0.0 to 3.0.1 ([a4aec8f](a4aec8f)) * **deps:** [security] bump y18n from 4.0.0 to 4.0.1 ([25ef707](25ef707)) * **deps:** adopt Husky 5 syntax for automating checks ([57fcedd](57fcedd)) * **deps:** auto-bump version numbers when dependencies update ([427003e](427003e)) * **deps:** bump ansi-regex from 5.0.0 to 5.0.1 ([e809384](e809384)) * **deps:** bump command-line-args from 5.1.1 to 5.1.3 ([eb1edf4](eb1edf4)) * **deps:** bump command-line-args from 5.1.3 to 5.2.0 ([bb4eb3f](bb4eb3f)) * **deps:** bump command-line-args from 5.2.0 to 5.2.1 ([90cd173](90cd173)) * **deps:** bump json5 from 1.0.1 to 1.0.2 ([0377874](0377874)) * **deps:** bump maven from 4.7.0 to 5.0.0 ([ada25d3](ada25d3)) * **deps:** bump minimist from 1.2.5 to 1.2.6 ([27910f2](27910f2)) * **deps:** bump node-fetch from 2.6.6 to 2.6.7 ([b9705fa](b9705fa)) * **deps:** bump npm from 8.8.0 to 8.11.0 ([d745e7b](d745e7b)) * **deps:** bump path-parse from 1.0.6 to 1.0.7 ([fe35624](fe35624)) * **deps:** bump read-config-file from 5.0.0 to 5.0.1 ([9d85306](9d85306)) * **deps:** bump read-config-file from 5.0.1 to 5.0.2 ([3ed6c0d](3ed6c0d)) * **deps:** bump read-config-file from 5.0.2 to 6.0.0 ([3887115](3887115)) * **deps:** bump read-config-file from 6.0.0 to 6.1.0 ([e8f1506](e8f1506)) * **deps:** bump read-config-file from 6.1.0 to 6.2.0 ([969258d](969258d)) * **deps:** bump read-config-file from 6.2.0 to 6.3.2 ([869ea07](869ea07)) * **deps:** bump shell-quote from 1.6.1 to 1.7.3 ([cbc3cde](cbc3cde)) * **deps:** bump yaml, cosmiconfig and semantic-release ([952eb2f](952eb2f)) * **deps:** bump yargs-parser and yargs ([7d98d22](7d98d22)) * **deps:** resolve dependency changes in package.json ([8500be4](8500be4)) * **deps:** update eslint dev dependencies ([f5728ba](f5728ba)) * husky was preventing package from being installable ([b15f019](b15f019)) * jcrPath option not working fixes [amclin#40](https://github.com/friendlymahi/aem-packager/issues/40) ([a7a0fb6](a7a0fb6)) * maven failing to resolve Adobe vault plugin ([6611718](6611718)) * options mapped properly ([ac170b8](ac170b8)) * **package:** update read-config-file to version 4.0.0 ([237ea6a](237ea6a)) * **package:** update read-config-file to version 5.0.0 ([841a755](841a755)) * updated docs instead of var def ([a1a39e1](a1a39e1)) ### Continuous Integration * specify node versions by keyword ([ad10b13](ad10b13)) ### Features * bump minimum Node from v12 to v14 ([e67c5e5](e67c5e5)) * **deps:** enforce minimum Node v12 ([1273dac](1273dac)), closes [amclin#222](https://github.com/friendlymahi/aem-packager/issues/222) * **deps:** remove lodash dependency ([3775405](3775405)) * jackrabbit package plugin ([d331897](d331897)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * jackrabbit package plugin ([4b64ecf](4b64ecf)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * jackrabbit package plugin ([84a7a87](84a7a87)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * jackrabbit package plugin ([61ed2da](61ed2da)) * jackrabbit package plugin ([f9f1f14](f9f1f14)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * npm publish ([6b26724](6b26724)) * support for NPM v7 and later ([688a958](688a958)), closes [amclin#395](https://github.com/friendlymahi/aem-packager/issues/395) * switch to jackrabbit for content packaging ([2b2e7ca](2b2e7ca)) * verify maven is available when installing ([4447b30](4447b30)) * version bump for breaking change ([0b11cb8](0b11cb8)) ### BREAKING CHANGES * no longer contains the necessary maven plugins for CRX deployment functionalitty. To add legacy CRX support on top of Jackrabbit, set the new option `legacyCRXSupport` to true. To restore the old `aem-packager` functionality entirely, set the new option `packager` to `jcrvault` * drop support for Node v12 No explicit functional changes or library dependencies currently need v14, so technically it may still work on v12, but is unsupported and no longer tested. * drop support for Node 12 * now requires Node v12

# 1.0.0 (2024-05-23) ### Bug Fixes * **ci:** improve release versioning ([c6f5f67](c6f5f67)) * config merge fix ([e31e2a1](e31e2a1)), closes [amclin#486](https://github.com/friendlymahi/aem-packager/issues/486) * configs were not loading from package.json ([00b5501](00b5501)) * **deps-dev:** [security] bump minimist and semantic-release ([63db0cc](63db0cc)) * **deps:** [security] bump acorn from 7.0.0 to 7.1.1 ([1699dd0](1699dd0)) * **deps:** [security] bump glob-parent from 5.1.0 to 5.1.2 ([81e0bfa](81e0bfa)) * **deps:** [security] bump hosted-git-info from 2.7.1 to 2.8.9 ([50fb816](50fb816)) * **deps:** [security] bump ini from 1.3.5 to 1.3.7 ([3420d61](3420d61)) * **deps:** [security] bump lodash from 4.17.19 to 4.17.21 ([a015813](a015813)) * **deps:** [security] bump minimist from 1.2.0 to 1.2.5 ([15c5974](15c5974)) * **deps:** [security] bump npm from 6.13.0 to 6.13.4 ([090745e](090745e)) * **deps:** [security] bump npm-registry-fetch from 4.0.3 to 4.0.5 ([35b29a6](35b29a6)) * **deps:** [security] bump npm-user-validate from 1.0.0 to 1.0.1 ([2c163c2](2c163c2)) * **deps:** [security] bump npm-user-validate from 1.0.0 to 1.0.1 ([21014ec](21014ec)) * **deps:** [security] bump trim-newlines from 3.0.0 to 3.0.1 ([a4aec8f](a4aec8f)) * **deps:** [security] bump y18n from 4.0.0 to 4.0.1 ([25ef707](25ef707)) * **deps:** adopt Husky 5 syntax for automating checks ([57fcedd](57fcedd)) * **deps:** auto-bump version numbers when dependencies update ([427003e](427003e)) * **deps:** bump ansi-regex from 5.0.0 to 5.0.1 ([e809384](e809384)) * **deps:** bump command-line-args from 5.1.1 to 5.1.3 ([eb1edf4](eb1edf4)) * **deps:** bump command-line-args from 5.1.3 to 5.2.0 ([bb4eb3f](bb4eb3f)) * **deps:** bump command-line-args from 5.2.0 to 5.2.1 ([90cd173](90cd173)) * **deps:** bump json5 from 1.0.1 to 1.0.2 ([0377874](0377874)) * **deps:** bump maven from 4.7.0 to 5.0.0 ([ada25d3](ada25d3)) * **deps:** bump minimist from 1.2.5 to 1.2.6 ([27910f2](27910f2)) * **deps:** bump node-fetch from 2.6.6 to 2.6.7 ([b9705fa](b9705fa)) * **deps:** bump npm from 8.8.0 to 8.11.0 ([d745e7b](d745e7b)) * **deps:** bump path-parse from 1.0.6 to 1.0.7 ([fe35624](fe35624)) * **deps:** bump read-config-file from 5.0.0 to 5.0.1 ([9d85306](9d85306)) * **deps:** bump read-config-file from 5.0.1 to 5.0.2 ([3ed6c0d](3ed6c0d)) * **deps:** bump read-config-file from 5.0.2 to 6.0.0 ([3887115](3887115)) * **deps:** bump read-config-file from 6.0.0 to 6.1.0 ([e8f1506](e8f1506)) * **deps:** bump read-config-file from 6.1.0 to 6.2.0 ([969258d](969258d)) * **deps:** bump read-config-file from 6.2.0 to 6.3.2 ([869ea07](869ea07)) * **deps:** bump shell-quote from 1.6.1 to 1.7.3 ([cbc3cde](cbc3cde)) * **deps:** bump yaml, cosmiconfig and semantic-release ([952eb2f](952eb2f)) * **deps:** bump yargs-parser and yargs ([7d98d22](7d98d22)) * **deps:** resolve dependency changes in package.json ([8500be4](8500be4)) * **deps:** update eslint dev dependencies ([f5728ba](f5728ba)) * husky was preventing package from being installable ([b15f019](b15f019)) * jcrPath option not working fixes [amclin#40](https://github.com/friendlymahi/aem-packager/issues/40) ([a7a0fb6](a7a0fb6)) * maven failing to resolve Adobe vault plugin ([6611718](6611718)) * options mapped properly ([ac170b8](ac170b8)) * **package:** update read-config-file to version 4.0.0 ([237ea6a](237ea6a)) * **package:** update read-config-file to version 5.0.0 ([841a755](841a755)) * updated docs instead of var def ([a1a39e1](a1a39e1)) ### Continuous Integration * specify node versions by keyword ([ad10b13](ad10b13)) ### Features * bump minimum Node from v12 to v14 ([e67c5e5](e67c5e5)) * **deps:** enforce minimum Node v12 ([1273dac](1273dac)), closes [amclin#222](https://github.com/friendlymahi/aem-packager/issues/222) * **deps:** remove lodash dependency ([3775405](3775405)) * jackrabbit package plugin ([d331897](d331897)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * jackrabbit package plugin ([4b64ecf](4b64ecf)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * jackrabbit package plugin ([84a7a87](84a7a87)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * jackrabbit package plugin ([61ed2da](61ed2da)) * jackrabbit package plugin ([f9f1f14](f9f1f14)), closes [amclin#488](https://github.com/friendlymahi/aem-packager/issues/488) * npm publish ([799f936](799f936)) * npm publish ([6b26724](6b26724)) * support for NPM v7 and later ([688a958](688a958)), closes [amclin#395](https://github.com/friendlymahi/aem-packager/issues/395) * switch to jackrabbit for content packaging ([2b2e7ca](2b2e7ca)) * verify maven is available when installing ([4447b30](4447b30)) * version bump for breaking change ([0b11cb8](0b11cb8)) ### BREAKING CHANGES * no longer contains the necessary maven plugins for CRX deployment functionalitty. To add legacy CRX support on top of Jackrabbit, set the new option `legacyCRXSupport` to true. To restore the old `aem-packager` functionality entirely, set the new option `packager` to `jcrvault` * drop support for Node v12 No explicit functional changes or library dependencies currently need v14, so technically it may still work on v12, but is unsupported and no longer tested. * drop support for Node 12 * now requires Node v12

amclin added the bug Something isn't working label Jan 11, 2022

amclin self-assigned this Jan 11, 2022

amclin mentioned this issue Jan 11, 2022

Package.json "defines > groupId" field is not being honoured #385

Closed

amclin changed the title ~~groupId doesn't work in NPM 8~~ groupId doesn't work in NPM 7 and 8 Jan 11, 2022

amclin added a commit that referenced this issue Jul 9, 2022

feat: support for NPM v7 and later

688a958

Fixes #395

amclin mentioned this issue Jul 9, 2022

feat: support for NPM v7 and later #433

Merged

amclin closed this as completed in #433 Jul 9, 2022

amclin pushed a commit that referenced this issue Jul 9, 2022

chore(release): 3.1.0 [skip ci]

d7b386d

# [3.1.0](v3.0.0...v3.1.0) (2022-07-09) ### Features * support for NPM v7 and later ([688a958](688a958)), closes [#395](#395)

amclin added the released label Jul 9, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

groupId doesn't work in NPM 7 and 8 #395

groupId doesn't work in NPM 7 and 8 #395

amclin commented Jan 11, 2022 •

edited

Loading

amclin commented Jan 11, 2022 •

edited

Loading

amclin commented Jul 9, 2022

groupId doesn't work in NPM 7 and 8 #395

groupId doesn't work in NPM 7 and 8 #395

Comments

amclin commented Jan 11, 2022 • edited Loading

amclin commented Jan 11, 2022 • edited Loading

amclin commented Jul 9, 2022

amclin commented Jan 11, 2022 •

edited

Loading

amclin commented Jan 11, 2022 •

edited

Loading